Integration with Novell Identity Manager is available as part of the Novell Compliance Management Platform 1.0.1 and Novell Compliance Management extension for SAP environments 1.0.1, which includes the following components:
Sentinel Rapid Deployment
eDirectory 8.8.5
Identity Manager 3.6.1
Access Manager 3.1
Identity Tracking Solution Pack 6.1r3
Analyzer for Identity Manager 1.1
Identity Manager Resource Kit 1.2
Identity Manager Driver for Sentinel 3.6
For more information, see Novell Compliance Management Platform and Novell Compliance Management Platform extension for SAP environments 1.0.
The Solution also requires identity-enabled Collectors, which are available for download at the Standard Sentinel Content download Web site.
After Sentinel and Identity Manager are installed, the Sentinel Driver for Identity Manager sends identity and account information from the Identity Vault to the Sentinel Identity Vault Collector, which populates the Sentinel database. The information is inserted into two new tables in Sentinel Rapid Deployment. These two tables are the Identity table (USR_IDENTITY) and the Account table (USR_ACCOUNT). For more information, see Sentinel 6.1 Rapid Deployment Database Views for PostgreSQL in the Sentinel 6.1 Rapid Deployment Reference Guide.
The time required to initially populate the Sentinel database depends on the amount of data in the Identity Vault; identity information including photographs requires significantly more time to load.
The Sentinel Driver for Identity Manager and Identity Vault Collector also keep the identity information synchronized as information is updated in the Identity Vault during normal Identity Manager operations.
After the identity information and account information are loaded in their respective tables with a link between them, a map named IdentityAccountMap is generated automatically in the location <install_directory>/data/map_data. The map contains the following information:
Account Name
Authority
Customer Name
Identity GUID
Full Name
Department
Job Title
Manager GUID
Account Status
IMPORTANT: An identity can have multiple accounts, but one account cannot be assigned to multiple identities.
The identity map is automatically applied to all events from Collectors to look for an identical match between the information in the event and key fields in the map. The table below shows the fields that are populated if all of the map key fields and event data exactly match. These mappings are automatically configured and are not editable.
NOTE: To find a match, the event fields and map key fields must match exactly. This might require modifications to existing Collectors to “identity enable” them to parse or concatenate data to make these fields match the data from the Identity Vault.
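The exact-match lookup described above, as an added JavaScript sketch (not Sentinel or Collector SDK code). It assumes the map key is account name, authority and customer name, and that a raw event carries a DOMAIN\user string; all function names and sample values are constructed for illustration.

```javascript
// Added illustration; not Sentinel code. ASSUMPTION: the map key is
// account name + authority + customer name. All rows are constructed samples.
const rows = [
  { account: "jsmith", authority: "CORP", customer: "Acme", identityGuid: "G-001",
    fullName: "Jane Smith", department: "Finance", status: "Active" },
  { account: "jsmith-adm", authority: "CORP", customer: "Acme", identityGuid: "G-001",
    fullName: "Jane Smith", department: "Finance", status: "Active" },
];

// JSON-encode the tuple so a delimiter inside a value cannot forge another key.
const keyOf = (e) => JSON.stringify([e.account, e.authority, e.customer]);

// Build the lookup. One identity may own many accounts, but an account key
// that reappears under a different identity GUID is rejected.
function buildMap(mapRows) {
  const lookup = new Map();
  for (const r of mapRows) {
    const prev = lookup.get(keyOf(r));
    if (prev && prev.identityGuid !== r.identityGuid) {
      throw new Error(`account ${keyOf(r)} already belongs to ${prev.identityGuid}`);
    }
    lookup.set(keyOf(r), r);
  }
  return lookup;
}

// Exact match only: no trimming and no case folding, so a near miss
// leaves the identity fields empty instead of guessing.
function enrich(lookup, event) {
  const hit = lookup.get(keyOf(event));
  if (!hit) return { ...event, identityGuid: null };
  return { ...event, identityGuid: hit.identityGuid,
           fullName: hit.fullName, department: hit.department };
}

// "Identity enabling" a Collector (hypothetical parse step): split a
// DOMAIN\user string into the authority and account fields the map expects.
function identityEnable(event) {
  const m = /^([^\\]+)\\(.+)$/.exec(event.account);
  return m ? { ...event, authority: m[1], account: m[2] } : event;
}

// All accounts linked to one identity, as an identity-based rule or report needs.
function accountsOf(lookup, guid) {
  return [...lookup.values()].filter((r) => r.identityGuid === guid).map((r) => r.account);
}
```

An event that misses the map keeps a null identity, which is a useful signal when checking whether a Collector has been identity enabled.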
Once added to the event by the mapping service, these fields are used by correlation rules, remediation actions, and reports in the Identity Tracking Solution Pack. In addition to using the content included in the Solution Pack, users can also perform the following actions:
Create correlation rules based on identity in addition to account name. This allows you to look for similar events from a single user, which provides a more comprehensive view than looking at events from a single account.
Create reports that show identity, including all accounts associated with a user
Use the Identity Browser to get more information about users and their activity
NOTE: For other identity systems, similar integration can be achieved by writing an identity synchronization Collector that uses the Identity API.