Product Description

NetIQ Identity Manager 4.6 is a comprehensive identity management suite. It allows organizations to manage the full user life cycle, from initial hire, through ongoing changes, to ultimate retirement of the user relationship, and it also provides the means to audit and generate reports of the user's life cycle for compliance. Identity Manager includes capabilities for automated provisioning and de-provisioning of user accounts, managing passwords, and managing user data across your organization's directories, applications, databases, and operating system platforms. Through streamlined user administration and processes, Identity Manager helps organizations reduce management costs, increase productivity and security, and comply with government regulations.

Identity Manager includes a broad spectrum of functionality. In order to meet different customer needs, Identity Manager functionality is provided in two product groups: Advanced Edition and Standard Edition. Identity Manager includes the complete set of functionality in Advanced Edition. Standard Edition includes a subset of the features provided in Advanced Edition. For a comparison of features available in Advanced and Standard Editions, see the feature comparison table in the Identity Manager 4.6 Release Notes.

Prior to Identity Manager 4.6, Identity Manager Advanced and Standard Editions were delivered in separate ISOs. With Identity Manager 4.6, NetIQ delivers both editions in a single ISO to improve its delivery of new features, patches, documentation, and support, while allowing customers to select the solution capabilities that best match their needs.

Identity Manager 4.6 includes several components and tools. Some of the main components are listed below.

  • Identity Manager Engine and Remote Loader: These components synchronize, transform, and distribute information across a wide range of applications, databases, operating systems, and directories.

  • Drivers: Enable the flow of information between Identity Manager and the connected systems. All drivers are included with the Identity Manager, but not all driver activations are included with the Identity Manager purchase. All other drivers activations require an additional purchase of the Integration Module. An Integration Module can contain one or more drivers. For more information about the other drivers that are available, see NetIQ Identity Manager Drivers Documentation Web site. For purchasing information about the additional integration modules, see How to Buy.

  • Identity Applications: Identity Manager lets you provision users based on their roles in the organization. You define the roles and make the assignments according to your organizational needs. When a user is assigned to a role, Identity Manager provisions the user with access to the resources associated with the role. Users that have multiple roles receive access to the resources associated with all of the roles. The Identity Manager solution provides the following components for provisioning users:

    • Identity Manager Dashboard
    • Catalog Administrator
    • User Application

    The Dashboard provides a single access point for all Identity Manager users and administrators. It allows access to all existing Catalog Administrator and User Application functionality. With Identity Manager 4.6, the Dashboard replaces Identity Manager Home and Provisioning Dashboard.

    NOTE: The identity applications are not available with Identity Manager 4.6 Standard Edition.

  • Identity Reporting: This component generates reports that show critical business information about various aspects of your Identity Manager configuration, including information collected from Identity Vaults and managed systems such as Active Directory or SAP. Identity Reporting provides a set of predefined report definitions you can use to generate reports. In addition, it gives you the option to import custom reports defined in a third-party tool. The Identity Reporting user interface makes it easy to schedule reports to run at off-peak times to optimize performance.

Additionally, Identity Manager 4.6 offers several other components that help you build a full-fledged identity management framework. For a complete list of components and their versions shipped with Identity Manager, see Identity Manager 4.6 Release Notes.

The following Identity Manager tools help you build and maintain your Identity Manager environment:

  • Analyzer for Identity Manager: An Eclipse-based identity management toolset that helps you ensure that internal data quality policies are adhered to by providing data analysis, data cleansing, data reconciliation, and data monitoring and reporting. Analyzer lets you analyze, enhance, and control all data stores throughout the enterprise.

  • Designer for Identity Manager: An Eclipse-based tool that helps you design, deploy, and document your Identity Manager system. Using Designer's graphical interface, you can design and test your system in an offline environment, deploy the system into your production environment, and document all details of your deployed system.

  • Catalog Administrator: A Web-based tool that allows business and security analysts manage roles and resources in Identity Manager without needing to understand the overall IT infrastructure. Though catalog is not a unique database or a set of files, it encompasses all information about roles, resources, and relationship between them. Catalog Administrator allows you to view and manage permission assignments across various connected systems in organizations managed by Identity Manager. Catalog Administrator also allows you to design roles and map them with resources across connected systems. Catalog Administrator is not available with Identity Manager 4.6 Standard Edition.

  • iManager: A Web-based administration tool that helps you configure your Identity Manager system. After you install the Identity Manager plug-ins for iManager, you can manage Identity Manager and receive real-time health and status information about your Identity Manager system. With iManager, you can perform similar tasks as performed with Designer and also monitor the health of your system. NetIQ recommends that you use iManager for administrative tasks. Use Designer for configuration tasks that require changes to packages, modeling, and testing prior to deployment.

New Features

Identity Manager 4.6 includes new features, enhancements, and support for latest platforms across Identity Manager components.

  • New Dashboard for Identity Manager
    This release provides a new Dashboard for accessing all of the features in the identity applications for end users.

    • Persona driven responsive user interface

      • The new Dashboard provides user-specific content. From the Dashboard, users can perform different actions, depending on their roles.

    • One stop for all Identity Management needs for end users
      • Request permissions to roles, resources, and workflows for yourself or for others
      • Approve and deny permissions requests or claim tasks and take action on them later
      • Complete tasks as a proxy for someone on your team
      • View all of the roles and resources assigned to you
      • View the status and history of your requests
      • Manage your profile settings and password
      • Find other users in your organization and take relevant action

    • In-built user catalog and organizational chart
      • Displays all the required information about the users and their relationships
      • Is scalable when working with a large number of users
      • Easily customizable views
      • Improved search functionality

    • Easy to customize and navigate
      • Customize branding, layouts, access and user data representation to meet your organization’s branding requirements
      • Add links to the Applications page in the Dashboard to useful websites, software applications, and identity application features, such as Catalog Administrator
      • You can configure multiple clients for different sets of users within your organization, with each client having its own branding, layout, navigation accesses and customization

Users can log in with any supported Web browser on either a desktop computer or a tablet. The Dashboard also includes context-sensitive Help to provide information when you need it. For more information, see the NetIQ Identity Manager - Administrator’s Guide to the Identity Applications.

  • Support for eMail Based Approval
    This release introduces support for approving or rejecting a task or a workflow over email. You can directly respond to a pending approval task without the need for logging into the User Application. For more information, see Email Based Approval in the NetIQ Identity Manager - Administrator’s Guide to Designing the Identity Applications.

  • Identity Manager Engine Enhancements
    • Monitoring Identity Manager: This release includes support for monitoring Identity Manager engine and the health of the User Application. Identity Manager supports this feature on LDAP protocol and only an LDAP client can place requests for monitoring data. For more information, see Monitoring Identity Manager in the NetIQ Identity Manager Driver Administration Guide.

    • Support for eDirectory 8.8.8.9 and 9.0.2: This release provides support for eDirectory 9.0.2 or later in addition to eDirectory 8.8.8.9 as an Identity Vault. For more information, see the NetIQ Identity Manager Setup Guide.

    • Suite B Support: This release provides support for configuring Identity Manager components to use the cryptographic algorithms specified by Suite B. Suite B is a set of cryptographic algorithms standardized by the National Security Agency (NSA) to allow commercial products to protect traffic that is classified at secret or top secret levels. The Suite B algorithms ensure the security of classified and unclassified information passed through public networks. For more information about Suite B, see Suite B Cryptography.

      You can configure the communication between the Identity Manager engine and the Remote Loader/Fan-Out agent in Suite B mode. For more information, see Configuring Stronger Ciphers for SSL Communication in the NetIQ Identity Manager Driver Administration Guide. Support for Suite B is included in eDirectory 9.0.1 and later versions.

    • New Actions for Creating Roles and Resources in Designer: This release includes support for building role and resource creation actions in Designer’s Policy Builder. These actions are available only with Identity Manager server version 4.6. For more information, see Create Resource and Create Role sections in the NetIQ Identity Manager - Using Designer to Create Policies Guide.

    • Mutual Authentication Between the Remote Loader and the Identity Manager Engine: With this release, you can configure mutual authentication between the Remote Loader and the Identity Manager engine for additional security. This authentication mechanism uses certificates for mutual handshake instead of passwords. The Remote Loader and the Identity Manager engine authenticate each other by exchanging and validating the public key certificate or digital certificate issued by the trusted Certificate Authorities (CAs) or self-signed certificates. For more information, see Configuring Mutual Authentication with the Identity Manager Engine in the NetIQ Identity Manager Setup Guide.

    • Subscriber Service Channel: Identity Manager introduces Subscriber Service Channel that enables you to separately process the out of band queries without interrupting the normal flow of cached events. For example, code map refresh, data collection, and queries triggered from dxcmd, can be separately processed on the Subscriber service channel. Processing these queries separately helps to improve the performance of a driver. This functionality can be controlled by a new ECV named Enable Subscriber Service Channel. This feature is currently available for use with the JDBC Fan-Out driver only.

    • Rhino ECMAScript Engine: This release includes support for Nashorn ECMAScript engine. To use this scripting engine, change the default setting by using the Use Rhino ECMAScript engine control value.

      • For more information, see Engine Control Values in the NetIQ Identity Manager Driver Administration Guide.

  • Activating Identity Manager with DirXML Command Line Utility
    This release provides support for activating Identity Manager using the DirXML command line utility in addition to iManager. For more information, see Activating Identity Manager in the NetIQ Identity Manager Setup Guide.

  • Single ISO for Identity Manager Advanced and Standard Editions
    Identity Manager 4.6 provides both Advanced and Standard Editions in a single ISO instead of separate ISO files. To understand what features are contained in each edition, see Features Supported with Identity Manager Advanced and Standard Editions in the Identity Manager 4.6 Release Notes. This change does not affect the existing licensing model. Identity Manager continues to provide separate licenses for Advanced and Standard Editions. For more information about licensing and activation, see Understanding Licensing and Activation in the NetIQ Identity Manager Setup Guide.

    For new installations, you can configure Identity Manager as Advanced Edition or Standard Edition based on the choice you specified during Identity Manager engine installation. For continued use of features, you must apply the appropriate license keys.

  • Convenience Bundling of Identity Manager Components
    In addition to providing the complete Identity Manager functionality in one ISO file, NetIQ delivers various Identity Manager components in separate ISO files. The convenience bundling option enables you to download only the required components for your installation. The name of the ISO file identifies the components it contains and the platform it can be used for. For information about the ISO files provided with this release, see Installing NetIQ Identity Manager 4.6 in the Identity Manager 4.6 Release Notes.

  • Simplified Upgrade for Identity Applications and Supporting Components
    For your convenience, the Identity Manager 4.6 installation kit includes an upgrade program for upgrading the identity applications and supporting software, which includes OSP, SSPR, Tomcat, JDK, and ActiveMQ. For more information, see Upgrading Identity Applications and Supporting Components in the NetIQ Identity Manager Setup Guide.

  • Auditing with Log Management for Identity Governance and Administration
    In this release, Sentinel Log Management for Identity Governance and Administration (IGA) replaces Event Auditing Service (EAS) for auditing events. For your convenience, the Identity Manager 4.6 installation kit includes an installation program for Sentinel Log Management for IGA. For more information, see Installing Sentinel Log Management for Identity Governance and Administration in the NetIQ Identity Manager Setup Guide.

    • When you upgrade to version 4.6, you may migrate your existing data from EAS to Sentinel Log Management for IGA after installing this component. For more information, see Migrating from EAS to Sentinel Log Management for IGA in the NetIQ Identity Manager Setup Guide.

  • Separate Installation Programs for One SSO Provider and Self-Service Password Reset Components
    For your convenience, this release provides separate installation programs to install One SSO Provider (OSP) and Self-Service Password Reset (SSPR) components. For more information, see Installing the Single Sign-on Component and Installing the Password Management Component in the NetIQ Identity Manager Setup Guide.

    • For a complete list of new features and enhancements in Identity Manager 4.6, see New Features in the Identity Manager 4.6 Release Notes.

    System Requirements

    For information about system requirements, see the Identity Manager Setup Guide on the Identity Manager Documentation Web site.

    Understanding the Download Options

    NetIQ recommends that you review the following considerations when deciding to download the ISO files:

    • NetIQ provides a single ISO file that contain all components for a full Identity Manager installation. The name of the ISO file identifies the platform. For example, Identity_Manager_version_Linux.iso.

    • The convenience bundling option enables you to download only the required components for your installation.

    • The integration modules are bundled with Identity Manager ISO and also available as separate downloads. You can download a specific integration module directly from the NetIQ downloads page.

    The following table provides information about the .iso files provided with Identity Manager 4.6:

    Filename Description
    Identity_Manager_4.6_Linux.iso Identity Manager DVD for Linux

    Includes all the Identity Manager components:

    • iManager
    • Identity Vault
    • Identity Manager server, Remote Loader, drivers, and plug-ins
    • OSP
    • SSPR
    • Identity Applications
    • Sentinel Log Management for IGA
    • Identity Reporting
    • Analyzer
    • Designer
    Identity_Manager_4.6_Windows.iso Identity Manager DVD for Windows

    Includes all the Identity Manager components:

    • iManager
    • Identity Vault
    • Identity Manager server, Remote Loader, drivers, and plug-ins
    • OSP
    • SSPR
    • Identity Applications
    • Identity Reporting
    • Analyzer
    • Designer

    Note: Sentinel Log Management for IGA is not supported on Windows.
    Identity_Manager_4.6_Linux_Framework.iso Identity Manager DVD for Identity Manager Engine, Drivers, and Plug-ins

    Includes the following components:

    • Identity Vault
    • Identity Manager server, Remote Loader, drivers, and plug-ins
    Identity_Manager_4.6_Windows_Framework.iso Identity Manager DVD for Identity Manager Engine, Drivers, and Plug-ins

    Includes the following components:

    • Identity Vault
    • Identity Manager server, Remote Loader, drivers, and plug-ins
    Identity_Manager_4.6_Linux_IdentityApplications.iso Identity Manager DVD for OSP, SSPR, Identity Applications, and Identity Reporting

    Includes the following components:

    • OSP
    • SSPR
    • Identity Reporting
    • Sentinel Log Management for IGA
    • Identity Applications
    Identity_Manager_4.6_Windows_IdentityApplications.iso Identity Manager DVD for OSP, SSPR, Identity Applications, and Identity Reporting

    Includes the following components:

    • OSP
    • SSPR
    • Identity Reporting
    • Identity Applications

    NOTE: Sentinel Log Management for IGA is not supported on Windows.
    • designer_linux.tar.gz
    • designer_win.zip
    		 Identity Manager Designer for Linux and Windows

    An Eclipse-based tool that helps you design, deploy, and document your Identity Manager system. Using Designer's graphical interface, you can design and test your system in an offline environment, deploy the system into your production environment, and document all details of your deployed system.

    • Identity_Manager_Linux_LDAP_Designer.tar.gz
    • Identity_Manager_Windows_LDAP_Designer.zip
    		 Identity Manager Designer (LDAP) for Linux and Windows

    Designer (LDAP) includes all functionality provided by the other version of Designer. However, it uses LDAP calls for communicating with Identity Vault instead of legacy APIs. The LDAP communication significantly improves the import and deploy operation performance in both normal (private network) and virtual private network environments.

    • analyzer_linux.tar.gz
    • analyzer_win32.zip
    		 Identity Manager Analyzer for Linux and Windows

    An Eclipse-based identity management toolset that helps you ensure that internal data quality policies are adhered to by providing data analysis, data cleansing, data reconciliation, and data monitoring and reporting.

    Identity_Manager_4.6_Win2k16.iso

    		 Identity Manager DVD for Windows 2016

    Includes all the Identity Manager components:

    • iManager
    • Identity Vault
    • Identity Manager server, Remote Loader, drivers, Fan-Out agent and plug-ins
    • OSP
    • SSPR
    • Identity Applications
    • Identity Reporting
    • Analyzer
    • Designer
    • Designer (LDAP)

    Note:To install and configure the supported Identity Manager components on Windows 2016, you must upgrade your current version of Identity Manager to 4.6 SP2. However, this restriction does not apply to Remote Loader. You can install Remote Loader 4.6 on this platform.

    NIdM_Integration_Module_4.6_LinuxUnix.iso
    • Integration Module for Linux and UNIX

      • Includes the following drivers:
    • Integration Module for Linux and UNIX User Settings

      • Includes Identity Manager Driver for Linux and UNIX User Settings. See the Identity Manager Drivers Documentation for platform information.
    NIdM_Integration_Module_4.6_Mainframes_Midrange.iso
    • Integration Module for Mainframe

      • Includes support for RACF, Top Secret, and ACF/2 security systems on z/OS. Supported on Linux, Windows, and Solaris platforms. See the Identity Manager 4.6 Driver for Mainframe Readme for additional platform information.

    • Integration Module for Midrange

      • Includes support for OS/400, iSeries, and i5/OS. Supported on Linux, Windows, and Solaris platforms. See the Identity Manager 4.6 Driver for Midrange Readme for additional platform information.
    NIdM_Integration_Module_4.6_Scripting.iso Integration Module for Scripting

    Includes support for OS/400, iSeries, and i5/OS. Supported on Linux, Windows, Solaris, AIX, and HP-UX. See the Identity Manager 4.6 Driver for Scripting Guide for additional platform information.

    Downloading and Installing

    This is a high-level overview of the installation process for typical customers. For more details and alternatives, see the Identity Manager Documentation Web site.

    1. Based on your platform, download the ISO files to a directory on your computer where you will install Identity Manager and unpack it into a temporary directory using a platform-compatible utility.

      2. NOTE: Before proceeding with the software download, remember to go through the following information:
      • The ISO files contain 64-bit media.
      • The ISO images are large files. Ensure that you download them to a volume or DVD that supports the file size. The installation lays down the appropriate binaries based on your selection during installation.

    2. Run the Identity Manager installation programs.
      You must install some components in a specific order because the installation process requires access to previously installed components. For example, you should install and configure the Identity Vault before installing the Identity Manager engine. For more information about high-level steps for planning an installation of Identity Manager in your environment, see Planning Checklist on the Identity Manager Documentation Web site.

    NOTE: Designer and Analyzer include installation programs that make them standalone applications. You can download them from the NetIQ Downloads Web site.

    Downloading Designer and Analyzer

    1. Designer
      1. Download the Designer 4.6 software package.
      2. Run the installation program.
        3. For Windows, run install.exe from the designer_install directory. For Linux, run ./install from /products/Designer/.
      3. Select a language to use during the installation, then click OK.
        The default language is English. You can select a different language from the drop-down list. The languages displayed in the language-selection dialog box are filtered, based on the default system locale. If the default system locale is English (or another Latin-based character set), only languages that use the Latin character set are displayed. If the default system locale is set to Japanese (or any double byte-locale), only the double-byte locales, such as Chinese, Korean, and Japanese, are displayed in the list. The exception to this is English, which is always in the list, regardless of the default system locale.
      4. Review the Introduction, accept the license agreement, select a location for the Designer files, then select shortcuts to Designer.
      5. Select a language for the Designer user interface.
        The default is the language that you selected to use for the installation. You can select a different language from the drop-down list. After installation, you can change the language by using Preferences.
      6. Review the summary of choices, then install Designer.
      7. Review known issues in the Release Notes file, then complete the installation.
      8. To run Designer, click the Designer icon on the desktop.
        9. For the list of known issues, see one of the following on the Identity Manager Documentation Web site.

    2. Analyzer
      1. Download the Analyzer 4.6 software package.
      2. Download an Analyzer license from the Customer Care Portal. For more information about installing the Analyzer license, see "Activating Analyzer" in the Identity Manager Setup Guide.
      3. Extract the Analyzer package to a folder of your choice. Within your specified folder, extract all Analyzer files into an analyzer_install folder.
      4. Run the installation program.
        5. For Windows, run install.exe from \products\Analyzer\. For Linux, run ./install from products/Analyzer/.
      5. Follow the instructions in the wizard until you finish installing Analyzer.
        6. For the list of known issues, see the Analyzer 4.6 Release Notes on the Identity Manager Documentation Web site.

    Understanding Installation Options

    NetIQ provides two ways to install and configure Identity Manager 4.6 in your environment: an integrated installation solution and installation programs for each component or a group of components. The integrated installation program enables you to install and configure all components, using default values for many of the settings. You can use the integrated installation program to install all components on one computer.

    NOTE: NetIQ does not support the integrated installation program for installing Identity Manager 4.6 Standard Edition. You must install each component using the standalone installation programs provided with the Identity Manager media.

    With the standalone installation programs, you can install one or more of the Identity Manager components separately or customize a large portion of the setting. For more information, see Understanding the Integrated and Standalone Installation Processes on the Identity Manager Documentation Web site.

    Activating Identity Manager

    Identity Manager products require activation, except Designer and Catalog Administrator. You can use the following products for a 90-day evaluation period before purchasing an activation for using them or discontinuing to use them:

    • Identity Manager
    • Identity Applications
    • Identity Reporting
    • Integration Modules
    • Sentinel Log Management for IGA

    Analyzer requires an activation to run.

    For more information about activating specific Identity Manager components, see Activating Identity Manager in the Identity Manager Setup Guide.

    Known Issues

    For the list of known issues for Identity Manager 4.6 Advanced and Standard Editions, see the Identity Manager 4.6 Release Notes.