Novell Identity Manager 4.0 Integration Module for Mainframes

March 18, 2011

1.0 Overview

The Novell® Identity Manager 4.0 Integration Module for Mainframes comes with two provisioning options: Bidirectional and Fan-Out. With these options, you have the full range of capabilities to satisfy your authentication and data provisioning needs.

2.0 Version Support

| Connected Platform | Versions Supported by Bidirectional Driver | Versions Supported by Fan-Out Platform Services |
|---|---|---|
| z/OS* | 1.10, 1.11, 1.12 | 1.8, 1.9, 1.10 |

| Core Driver Platform | Versions Supported by Core Driver |
|---|---|
| Windows* | Any supported by the Identity Manager version in use |
| Linux | Any supported by the Identity Manager version in use |
| Solaris | Any supported by the Identity Manager version in use |

2.1 Security System Version Support

| Connected Platform | Versions Supported by Bidirectional Driver | Versions Supported by Fan-Out Platform Services |
|---|---|---|
| RACF* | (supported z/OS version) | (supported OS version) |
| Top Secret* | r12, r14, r15 | N/A |
| ACF/2* | N/A | r9, r12, r14 |

3.0 Feature Overview

| Feature | Bidirectional | Fan-Out |
|---|---|---|
| Data Publishing from Platform to Identity Manager | Yes | No |
| Data Subscribing from Identity Manager to Platform | Yes | Yes |
| Provisioning to Hundreds of Platforms with a Single Driver | No | Yes |
| Bidirectional Password Synchronization | Yes | Yes |
| Administrative Password Resets from Platform | Yes | No |
| Administrative Password Resets to Platform | Yes | Yes |
| End User Password Replication to and from Platform | Yes | Yes |
| Authentication Redirection | No | Yes |
| Enforcement of Universal Password Rules on Platform Login | No | Yes |
| Universal Password Replication Support | Yes | Yes |
| Event-Triggered REXX Scripts for Provisioning | Yes | Yes |
| Event- and Poll-Based Publishing | Yes | No |
| Role-Based Entitlements and Approval Workflow | Yes | No |
| Audit Enabled | Yes | Yes |
| Password Self-Service Support | Yes | Yes |
| iManager Plug-In | Yes | Yes |
| Password Failure Email Notification Support | Yes | No |
| APIs to Simplify Programmatic Directory Access | No | Yes |

4.0 Bidirectional Overview

The Bidirectional driver provides complete integration with Identity Manager for full data and password synchronization. This driver provides data customization with Identity Manager policies, using standard security system commands. Each subscribed eDirectory™ data change event is converted into a security system command. Security system commands are captured and published to Identity Manager for appropriate eDirectory updates.

5.0 Fan-Out Overview

The Fan-Out driver delegates logic and control to your system administrators. You can process any Identity Manager data change event with a script on the platform. The Fan-Out driver supports fan-out to hundreds of systems from a single driver. Authentication redirection provides login support for Universal Password, accessing a central repository for login and password rules. Full bidirectional password synchronization is also supported.

The Fan-Out driver has two components: the Core Driver and Platform Services. The Core Driver provides event fan-out to target platforms running Platform Services. A single core driver can support many platforms running Platform Services, regardless of platform operating system.

6.0 Known Issues

At the time of this document’s release, two known development issues existed for the Identity Manager 4.0 Integration Module for Mainframes. Resolution was in process, with plans for implementation in a future software patch from Novell Support.

The two issues were:

  • The RACF Driver Shim will abend with completion code 0C4 when issuing the following operator command:

      MODIFY RACFDRV,APPL=STATUS

  • XDS commands that generate more than one RACF command will only execute the first command generated.

7.0 Documentation Conventions

In this documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path.

A trademark symbol (®, TM, etc.) denotes a Novell trademark; an asterisk (*) denotes a third-party trademark.