I recently attended a bootcamp for Identity Manager 3.5, and I wanted to share some of my findings through this article. Prior to attending the bootcamp and getting my hands dirty with the beta version of Identity Manager 3.5, I thought I had seen everything after version 2 (Policy Builder) and version 3.0 (Workflow/Provisioning Module), so I was just expecting to see a polished version of 3.0 including patches and updates. Well, I was wrong. Version 3.5 is actually very impressive, with major improvements all over the place.

Improvements in Identity Manager 3.5

Here is an overview of some of the improvements I found, for those of you who are familiar with version 2 or 3.0 and want to see what’s new. This overview does not cover every area, but I believe it will help you to quickly appreciate some of the major enhancements and new functionality.

Figure 1: Designer 2.0 RC1 Modeler. Designer has been revamped and improved in many areas including localization, versioning, and documentation.

Figure 2: Versioning allows you to work against different versions of Identity Manager.

Figure 3: New actions have been included in Policy Builder for IDM 3.5 and will be available for 3.5 servers/engines.

Figure 4: New actions like Set SSO Credential, Set SSO Passphrase and Clear SSO Passphrase allow integration with SecureLogin, SecretStore, and Access Manager.

Figure 5: New action Start Workflow allows easy triggering of provisioning requests or other workflow processes directly from connected systems events.

Figure 6: New Do While action allows an action to be repeated while conditions evaluate to True.

Figure 7: New Do If action allows If-Then-Else logic to be implemented in policies.

Figure 8: New granular Deploy/Compare actions allow a Compare to be conducted at the Policy level, while providing more details about differences.

Figure 9: New support for Policy Sets makes sharing policies between drivers easier to implement. Policy chaining has been replaced by indexing, which eliminates some of the issues witnessed by some of us who tried to share policies between drivers with previous versions.

Figure 10: The concept of Libraries can be used to manage and group policies that may reside outside of drivers (in the example above, it has been created right under the Vault object).

Figure 11: Project Checker, available after you select Reset Perspective under the Window menu in Designer, allows you to check your project, identify issues, and address them before deploying your project.

Figure 12: Documentation Generation has been improved again in Designer 2.0.

Figure 13: Example for the documentation generation feature of Designer 2.0.

Figure 14: Document generation can leverage custom styles to filter information to be included in the documentation report. Also new in this version is the ability to save in RTF format.

Figure 15: It is now possible to create mapping tables under libraries.

Figure 16: Once a mapping table is available, it can be leveraged in a Placement Rule or anywhere else in the logic. By storing mapping tables in a library, they can be leveraged globally by multiple drivers.

Figure 17: Designer provides an ECMAScript (or JavaScript) editor. ECMAScript objects are supported with Identity Manager 3.5.

Figure 18: Through jobs, it is possible to schedule actions for drivers or the subscriber channel. (Richard and I had to write our own version of this in 2004!)

Figure 19: The job scheduler is based on the crontab standard.

Figure 20: Example of a policy condition for a job.

Figure 21: The WorkOrder driver can be used to automate, schedule and order tasks.

Figure 22: Work Order Management with iManager.

Figure 23: The Identity Manager Inspector allows you to view associations for the connected systems for an eDirectory object.

Figure 24: User Application portal also allows you to report on associations for individual users.

Figure 25: Several enhancements have been included in the User Application portal, including Digital Signature support through Cryptovision (purchased separately).

Figure 26: Several enhancements are available through NMAS 3.0 dealing with Universal Password.

Figure 27: More settings can be configured for the User Application portal, including the possibility to allow access to some services without requiring authentication (e.g., self-registration).

Figure 28: It is possible to protect the Forgot Password service from hackers by limiting the information that is exposed, and by redirecting them to a generic password policy.


In conclusion, Identity Manager 3.5 includes many enhancements and new features with significant value – they simplify the implementation of required logic, and they open the door to new possibilities. Also, enhancements for security and customization for the User Application portal are welcome additions. More information could have been included in this document, but my goal was to provide enough information to encourage you to explore Identity Manager yourself. You can do this without actually having to install all the pieces. Designer can be used to explore Identity Manager 3.5 without requiring access to a back-end vault.

To download Designer, or Identity Manager, go to


Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

By: mbluteau
Mar 28, 2007
11:53 am