Product Description

NetIQ Identity Manager 4.5 is a comprehensive identity management suite. It allows organizations to manage the full user life cycle, from initial hire, through ongoing changes, to ultimate retirement of the user relationship, and it also provides the means to audit and generate reports of the user's life cycle for compliance. Identity Manager includes capabilities for automated provisioning and de-provisioning of user accounts, managing passwords, and managing user data across your organization's directories, applications, databases, and OS platforms. Through streamlined user administration and processes, Identity Manager helps organizations reduce management costs, increase productivity and security, and comply with government regulations.

Identity Manager 4.5 includes several components and tools. Some of the main components are listed below.

  • Identity Manager Engine and Remote Loader: These components synchronize, transform, and distribute information across a wide range of applications, databases, operating systems, and directories.
  • Drivers: Enable the flow of information between Identity Manager and the connected systems. All drivers are included with Identity Manager, but not all driver activations are included with the Identity Manager purchase. All other driver activations require an additional purchase of the Integration Module. An Integration Module can contain one or more drivers. For more information about the other drivers that are available, see NetIQ Identity Manager 4.5 Drivers Documentation Web site. For purchasing information about the additional integration modules, see How to Buy.
  • Roles Based Provisioning Module: This module allows you to manage provisioning users based on their roles in your organization. Users can be added to roles by management or can request to be added to a role. If approval for a role is required, you can establish workflows that route the requests through an approval process; if not, you can automate the requests so that no human input is required. In addition, you can establish rules to ensure that a user cannot be added to conflicting roles without an exception being made. The Roles Based Provisioning Module is not available with Identity Manager 4.5 Standard Edition.
  • Identity Reporting Module: This module generates reports that show critical business information about various aspects of your Identity Manager configuration, including information collected from Identity Vaults and managed systems such as Active Directory or SAP. The reporting module provides a set of predefined report definitions you can use to generate reports. In addition, it gives you the option to import custom reports defined in a third-party tool. The user interface for the reporting module makes it easy to schedule reports to run at off-peak times to optimize performance.

Additionally, Identity Manager 4.5 offers several other components that help you build a full-fledged identity management framework. For a complete list of components shipped with Identity Manager 4.5 Advanced Edition, see Identity Manager 4.5 Advanced Edition Release Notes. For a complete list of components shipped with Identity Manager 4.5 Standard Edition, see Identity Manager 4.5 Standard Edition Release Notes.

The following Identity Manager tools help you build and maintain your Identity Manager environment:

  • Analyzer for Identity Manager: An Eclipse-based identity management toolset that helps you ensure that internal data quality policies are adhered to by providing data analysis, data cleansing, data reconciliation, and data monitoring and reporting. Analyzer lets you analyze, enhance, and control all data stores throughout the enterprise.
  • Designer for Identity Manager: An Eclipse-based tool that helps you design, deploy, and document your Identity Manager system. Using Designer's graphical interface, you can design and test your system in an offline environment, deploy the system into your production environment, and document all details of your deployed system.
  • Catalog Administrator: A Web-based tool that allows business and security analysts to manage roles and resources in Identity Manager without needing to understand the overall IT infrastructure. Though the catalog is not a unique database or a set of files, it encompasses all information about roles, resources, and the relationships between them. Catalog Administrator allows you to view and manage permission assignments across various connected systems in organizations managed by Identity Manager. Catalog Administrator also allows you to design roles and map them with resources across connected systems. Catalog Administrator is not available with Identity Manager 4.5 Standard Edition.
  • iManager: A Web-based administration tool that helps you configure your Identity Manager system. After you install the Identity Manager plug-ins for iManager, you can manage Identity Manager and receive real-time health and status information about your Identity Manager system. With iManager, you can perform similar tasks as performed with Designer and also monitor the health of your system. NetIQ recommends that you use iManager for administrative tasks. Use Designer for configuration tasks that require changes to packages, modeling, and testing prior to deployment.

New Features

Identity Manager 4.5 includes new features, enhancements, and support for the latest platforms across Identity Manager components.

  • Centralized Access to the Identity Applications
    Identity Manager 4.5 includes Identity Manager Home and the Identity Manager Provisioning Dashboard. Identity Manager Home provides a single access point for all Identity Manager users and administrators, including access to all existing Roles-Based Provisioning Module (RBPM) and User Application functionality. The Provisioning Dashboard provides user-specific content, such as password management and tasks. Users can log in with any supported Web browser on either a desktop computer or a tablet. This feature is not available with Identity Manager 4.5 Standard Edition.

  • Identity Approvals
    The Identity Manager Approvals app allows Managers and resource owners to approve or deny requests remotely, using an iPhone or iPad with the iOS operating system installed. Your users can see and work with the same approval tasks in the app that they would normally see in the User Application interface. All changes are synchronized between the Approvals app and the User Application. This feature is not available with Identity Manager 4.5 Standard Edition.

  • Catalog Administrator for Managing Roles and Resources
    Identity Manager 4.5 includes a new Web-based tool called Catalog Administrator. Catalog Administrator simplifies the usage of entitlements from Identity Manager connected systems in the organization by associating them to Resources. You can manage Roles and Resources, associate Resources to Roles, and manage Separation of Duties conflicts between Roles. Catalog Administrator gets the Role and Resource information from the User Application driver.

    NOTE: The Role Mapping Administrator (RMA) module is not supported in Identity Manager 4.5. Catalog Administrator is the enhancement and replacement for RMA. This tool is not available with Identity Manager 4.5 Standard Edition.

  • Permission Collection and Reconciliation Service (PCRS)
    PCRS enables entitlements for all the Identity Manager drivers. It also makes it easy to onboard or reconcile the permissions from connected systems in Entitlement-Resource-Role format in the Identity Manager Catalog. This feature is not available with Identity Manager 4.5 Standard Edition.

  • Self Service Password Reset as the Default Forgot Password Manager
    Identity Manager 4.5 includes NetIQ Self Service Password Reset (SSPR) to help users reset their passwords without administrative intervention. In a new installation, SSPR uses a proprietary protocol for managing authentication methods. When you upgrade Identity Manager, you can instruct SSPR to use the NetIQ Modular Authentication Services (NMAS) that Identity Manager traditionally has used for its legacy password management program.

  • Providing Single Sign-on Access with One SSO Provider
    To provide single sign-on access to Identity Manager components, such as the User Application and Identity Manager Home, Identity Manager uses NetIQ One SSO Provider (OSP). When a user logs in, OSP verifies the user's credentials with the authentication server. OSP can work with more than one authentication source as long as the source uses the OAuth protocol, for example, the Identity Vault, Kerberos, or SAML.

  • PostgreSQL and Apache Tomcat Support the Identity Applications
    For your convenience, the Identity Manager 4.5 product ISO includes an installation program for PostgreSQL database and Apache Tomcat application server. Both of these programs provide the default framework for the identity applications, such as Catalog Administrator and Identity Reporting. Alternatively, you can use a different platform for your Identity Manager databases or application servers.

  • Identity Manager Engine Enhancements
    • Out of Band Sync
      Identity Manager 4.5 includes a new feature, Out of Band Sync. The Identity Manager drivers process events in the order they occur, which guarantees that all changes required for an event to successfully process are already applied. However, there are instances when you want a certain event to take precedence over others. For example, events that involve password changes, locking an account, or disabling an account should take precedence over other events. Identity Manager provides the Out of Band Sync feature that allows you to assign a higher priority to these events, so that they are processed before other events in the queue.

    • No Reference Association for Drivers
      Identity Manager 4.5 includes a new feature called No Reference Association for Identity Manager drivers. You can use this feature along with the legacy associations for an Identity Manager driver. Identity Manager uses associations for identifying objects to which changes can be applied. Information related to a driver in an association is maintained in the eDirectory attribute. Though this reduces the overhead that might be incurred when objects need to be matched each time updates are applied on them, performing reference checks in large deployments can be an overhead. The No-Reference Association for drivers can be used in such situations.

    • Relocating the Event Cache File
      Every driver that is configured in Identity Manager has an associated event cache file. Events are cached in the TAO file before a driver processes them. By default, the TAO files are located in the dib directory. Identity Manager 4.5 allows you to place the TAO files anywhere in the file system. Distributing the file I/O across multiple file systems improves the I/O throughput. Each driver can contain an optional single-valued server readable attribute, DirXML-CacheLocation, whose value is an absolute path to the directory in the file system where the TAO files are created. When the engine is restarted, it looks for this attribute and the TAO files in that location.

    • The Cache Flush Parameter
      Identity Manager 4.5 provides an option to turn off the file system flush for each write. If you disable cache writes, they are not flushed immediately. Instead, the cache writes are left to the underlying operating system to take care of the file system writes.

    For a complete list of the new features and enhancements in Identity Manager 4.5 Advanced Edition, see What's New in the Identity Manager 4.5 Advanced Edition Release Notes.

    For a complete list of the new features and enhancements in Identity Manager 4.5 Standard Edition, see What's New in the Identity Manager 4.5 Standard Edition Release Notes.

File Description

Filename Description
Identity_Manager_4.5_Windows.iso Identity Manager Advanced Edition DVD for Windows

Includes the following items:

  • iManager
  • Identity Vault
  • Identity Manager server, Remote Loader, and all drivers
  • Roles Based Provisioning Module
  • Identity Reporting Module
  • Analyzer
  • Designer
  • Catalog Administrator

Identity_Manager_4.5_Linux.iso Identity Manager Advanced Edition DVD for Linux

Includes the following items:

  • iManager
  • Identity Vault
  • Identity Manager server, Remote Loader, and all drivers
  • Roles Based Provisioning Module
  • Identity Reporting Module
  • Analyzer
  • Designer
  • Catalog Administrator

Identity_Manager_4.5_Windows_Standard.iso Identity Manager Standard Edition DVD for Windows

Includes the following items:

  • iManager
  • Identity Vault
  • Identity Manager server, Remote Loader, and all drivers
  • Identity Reporting Module
  • Analyzer
  • Designer

Identity_Manager_4.5_Linux_Standard.iso Identity Manager Standard Edition DVD for Linux

Includes the following items:

  • iManager
  • Identity Vault
  • Identity Manager server, Remote Loader, and all drivers
  • Identity Reporting Module
  • Analyzer
  • Designer

NIdM_Integration_Module_4.5_LinuxUnix.iso
  • Integration Module for Linux and UNIX
    Includes the following drivers:
  • Integration Module for Linux and UNIX User Settings
    Includes Identity Manager Driver for Linux and UNIX User Settings. See the Identity Manager 4.5 Driver Documentation for platform information.

NIdM_Integration_Module_4.5_Mainframes_Midrange.iso
  • Integration Module for Mainframe
    Includes support for RACF, Top Secret, and ACF/2 security systems on z/OS. Supported on Linux, Windows, and Solaris platforms. See the Identity Manager 4.5 Driver for Mainframe Readme for additional platform information.
  • Integration Module for Midrange
    Includes support for OS/400, iSeries, and i5/OS. Supported on Linux, Windows, and Solaris platforms. See the Identity Manager 4.5 Driver for Midrange Readme for additional platform information.

NIdM_Integration_Module_4.5_Scripting.iso Integration Module for Scripting

Includes support for OS/400, iSeries, and i5/OS. Supported on Linux, Windows, Solaris, AIX, and HP-UX. See the Identity Manager 4.5 Driver for Scripting Guide for additional platform information.

NIdM_Driver_4.0.2_GroupWise2014.zip Driver for GroupWise 2014

Novell GroupWise 2014 is a cross-platform, corporate email system that provides secure messaging, calendaring, and scheduling. GroupWise 2014 also includes task management, contact management, document management, and other productivity tools that are secure, highly available, and easily accessible. See the NetIQ Identity Manager 4.0.2 Driver for GroupWise 2014 Implementation Guide for information about the drivers' features and requirements.

NIdM_Driver_4.5_AR1-1.zip Driver for Access Review

The Identity Manager Driver for NetIQ Access Review (Access Review driver) allows you to provision application-specific permission catalog data from Access Review to Identity Manager. This gives you the ability to review and certify permission assignments using Access Review, as well as to request and provision these permissions using Identity Manager. See the NetIQ Identity Manager Driver for Access Review Installation and Configuration Guide for information about the drivers' features and requirements.

NIdM_Driver_4.1_Office365.zip Driver 4.1 for Office 365

The Office 365 driver for NetIQ Identity Manager 4.5.1 seamlessly provisions and deprovisions users, group memberships, roles, and licenses to the Microsoft Online Services cloud application and keeps user identity information consistent across both the Identity Vault and Office 365. See the NetIQ Identity Manager Driver for Office 365 Implementation Guide for information about the drivers' features and requirements.

NIdM_Driver_4.5_REST.zip Driver for REST

The Identity Manager driver for REST enables identity provisioning and data synchronization between an Identity Vault and any RESTful service. See the NetIQ Identity Manager Driver for REST Implementation Guide for information about the drivers' features and requirements.

NIdM_Driver_4.5_MDAD.zip Driver for Multi-Domain Active Directory

The Identity Manager driver for Multi-Domain Active Directory supports provisioning of multiple domains in an Active Directory forest. The driver simplifies the overall deployment and integration of the entire Active Directory forest with the Identity Manager solution. See the NetIQ Multi-Domain Active Directory Driver Implementation Guide for information about the drivers' features and requirements.

NIdM_Driver_4.5_ServiceNow.zip Driver for ServiceNow

The Identity Manager driver for ServiceNow seamlessly provisions and de-provisions users to the ServiceNow cloud application. The driver provides an out-of-the-box integration for provisioning users, groups, roles, and department assignments, keeping the user identity information consistent across the Identity Vault and the cloud application. See the NetIQ ServiceNow Driver Implementation Guide for information about the drivers' features and requirements.

Designer for Identity Manager
  • designer_linux.tar.gz
  • designer_win.zip
Identity Manager Designer for Linux and Windows

An Eclipse-based tool that helps you design, deploy, and document your Identity Manager system. Using Designer's graphical interface, you can design and test your system in an offline environment, deploy the system into your production environment, and document all details of your deployed system.

Analyzer for Identity Manager
  • analyzer_linux.tar.gz
  • analyzer_win32.zip
Identity Manager Analyzer for Linux and Windows

An Eclipse-based identity management toolset that helps you ensure that internal data quality policies are adhered to by providing data analysis, data cleansing, data reconciliation, and data monitoring and reporting.

System Requirements

For the most recent information about system requirements, see the Identity Manager Setup Guide on the Identity Manager Documentation Web site.

Downloading and Installing Identity Manager

NetIQ provides two ways to install and configure Identity Manager 4.5 Advanced Edition in your environment: an integrated installation solution and installation programs for each component or a group of components. The integrated installation program enables you to install and configure all components, using default values for many of the settings. You can use the integrated installation program to install all components on one computer or in a distributed environment.

NOTE: NetIQ does not support the integrated installation program for installing Identity Manager 4.5 Standard Edition. You must install each component using the standalone installation programs provided with the Identity Manager media.

With the standalone installation programs, you can install one or more of the Identity Manager components separately or customize a large portion of the settings. For more information, see Understanding the Integrated and Standalone Installation Programs on the Identity Manager Documentation Web site. iManager and Password Management plug-ins are available in each product ISO.

This is a high-level overview of the installation process for typical customers. For more details and alternatives, see the Identity Manager Documentation Web site.

  1. Based on your platform, download the ISO files to a directory on the computer where you will install Identity Manager and unpack them into a temporary directory using a platform-compatible utility.

  2. Note: Before proceeding with the software download, remember to go through the following information:
    • The ISO files contain 64-bit media.
    • The ISO images are large files. Ensure that you download them to a volume or DVD that supports the file size. The installation lays down the appropriate binaries based on your selection during installation.
  3. Run the Identity Manager installation programs.
    You must install some components in a specific order because the installation process requires access to previously installed components. For example, you should install and configure the Identity Vault before installing the Identity Manager engine. For more information about high-level steps for planning an installation of Identity Manager in your environment, see Planning Checklist on the Identity Manager Documentation Web site.

NOTE: Designer and Analyzer include installation programs that make them standalone applications. You can download them from the NetIQ Downloads Web site.

  1. Designer
    1. Download the Designer 4.5 software package.
    2. Run the installation program.
    3. For Windows, run install.exe from the designer_install directory. For Linux, run ./products/Designer/install.
    4. Select a language to use during the installation, then click OK.
      The default language is English. You can select a different language from the drop-down list. The languages displayed in the language-selection dialog box are filtered, based on the default system locale. If the default system locale is English (or another Latin-based character set), only languages that use the Latin character set are displayed. If the default system locale is set to Japanese (or any double byte-locale), only the double-byte locales, such as Chinese, Korean, and Japanese, are displayed in the list. The exception to this is English, which is always in the list, regardless of the default system locale.
    5. Review the Introduction, accept the license agreement, select a location for the Designer files, then select shortcuts to Designer.
    6. Select a language for the Designer user interface.
      The default is the language that you selected to use for the installation. You can select a different language from the drop-down list. After installation, you can change the language by using Preferences.
    7. Review the summary of choices, then install Designer.
    8. Review known issues in the Release Notes file, then complete the installation.
    9. To run Designer, click the Designer icon on the desktop.
    10. For the list of known issues, see the Designer 4.5 Release Notes on the Identity Manager Documentation Web site.

  2. Analyzer
    1. Download the Analyzer 4.5 software package.
    2. Download an Analyzer license from the Customer Care Portal. For more information about installing the Analyzer license, see "Activating Analyzer" in the Identity Manager Setup Guide.
    3. Extract the Analyzer package to a folder of your choice. Within your specified folder, all Analyzer files extract into an analyzer_install folder.
    4. Run the installation program.
    5. For Windows, run install.exe. For Linux, run ./install.bin.
    6. Follow the instructions in the wizard until you finish installing Analyzer.
    7. For the list of known issues, see the Analyzer 4.5 Release Notes on the Identity Manager Documentation Web site.

Activating Identity Manager

Identity Manager products require activation, except Designer and Catalog Administrator. You can use the following products for a 90-day evaluation period before either purchasing an activation or discontinuing their use:

  • Identity Manager
  • Roles Based Provisioning Module
  • Identity Reporting Module
  • Integration Modules

Analyzer requires an activation to run. For more information, see "Activating Analyzer" in the Identity Manager Setup Guide.

Known Issues

For the list of known issues for Identity Manager 4.5 Advanced Edition, see the Identity Manager 4.5 Advanced Edition Release Notes.

For the list of known issues for Identity Manager 4.5 Standard Edition, see the Identity Manager 4.5 Standard Edition Release Notes.