You probably have business managers and departments clamoring to manage their own users’ information and access needs instead of relying on you or your staff. How many times have you heard “Why can’t I change my own cell phone number in our corporate directory?” or “I’m in the Marketing department. Why do I have to call the Help Desk to get access to the Marketing Information database?”
With Identity Manager, you can delegate administrative duties to the people who should be responsible for them. For example, you can enable individual users to:
Manage their own personal data in the corporate directory. Rather than having you change a cell phone number, they can change it in one place and have it changed in all the systems you’ve synchronized through Identity Manager.
Change their passwords, set up a hint for forgotten passwords, and set up challenge questions and responses for forgotten passwords. Rather than asking you to reset a password because they’ve forgotten it, they can do it themselves after receiving a hint or responding to a challenge question.
Request access to resources such as databases, systems, and directories. Rather than calling you to request access to an application, they can select the application from a list of available resources.
In addition to self-service for individual users, Identity Manager provides self-service administration for functions (management, Help Desk, and so forth) that are responsible for assisting, monitoring, and approving user requests. For example, consider the scenario used in Section 1.2, Workflow and shown below.
Figure 1-8 Provisioning Workflow with Self-Service
Not only does John use the Identity Manager self-service capability to request access to the documents he needs, but John’s manager and the CFO use the self-service capability to approve the request. The established approval workflow allows John to initiate and monitor the progress of his request and allows John’s manager and CFO to respond to his request. Approval of the request by John’s manager and the CFO triggers the provisioning of the Active Directory rights needed by John to access and view the financial documents.