3.2 Key Features and Benefits of Architecture

The OpenText Identity Manager architecture is flexible and scalable, and provides the following features:

3.2.1 Staged Deployment

To avoid risk to your production Identity Manager environment, you can deploy Identity Manager in separate stages: for example, first to a development environment, then to a test environment, and finally to production. This process allows you to apply improvements and test changes in the project in each stage. Staging provides the flexibility to validate applications in real time to ensure no data loss and uniformity across all stages. It helps you reduce complexity in your deployment process because you can test your Identity Manager project at multiple stages before the project is live.

The simplest, most efficient way to stage your OpenText Identity Manager project is by using the package management functionality in Designer. Packages are configured to keep server-specific settings separate from the actual content. You move all of your policies, rather than your server configurations, from one stage to the next.

3.2.2 Flexibility and Extensibility

You can deploy to single or multiple server instances, depending on the functionality that you need. Multiple server instances provide optimal configuration options by supporting geographically dispersed users and resources for increased flexibility, performance, and control.

You can install OpenText Identity Manager in a clustered environment to achieve high availability in some environments. Clustering is supported for the engine and Identity Applications components. For more information about high availability implementations, see the Setup Guide.

The architecture of OpenText Identity Manager includes a built-in Identity Vault so you do not need to create and manage a separate directory structure for identity purposes. The Identity Vault is basically an OpenText eDirectory tree. It serves as a database that contains centralized identity and access information.

Depending on the extent of data that propagates from connected systems into the Identity Vault, you can customize the Identity Vault. If you are installing your first OpenText Identity Manager system, use the default settings to help you quickly set up a system. For deploying in large enterprises, you can install individual components on different servers and customize the settings to suit your requirements.

Because of its object-oriented design and distributed deployment support, the Identity Vault is scalable to manage billions of objects. With its powerful schema management and granular data replication, it enables each application to reference a coherent set of identity values without needlessly replicating information across systems. As with all OpenText Identity Manager components, the Identity Vault can run in a wide range of operating environments. Additionally, its deployment as a central identity repository does not limit your ability to use other credential store technologies for other application or infrastructure uses.

3.2.3 Reuse of Existing Infrastructure

OpenText Identity Manager is built on an open architecture. This allows OpenText Identity Manager to integrate with the existing IT infrastructure and leverage an organization's existing software and already running applications. For example, if your implementation requires integrating with an existing company portal or a user management system, you can make use of standards-based APIs, such as REST, SOAP, SPML, JDBC, LDAP, and more. This allows you to customize the solution to meet the specific needs of the organization. You can also create connections to other applications with Google Web Toolkit or Microsoft Silverlight. Using the APIs, OpenText Identity Manager can easily integrate various end-user activities such as password changes, password challenges, and role requests into existing environments, such as a company web portal.

For users to create, modify, and request permission for roles and resources, OpenText Identity Manager provides browser-based interfaces that they can access from workstations or mobile platforms. These interfaces support single sign-on access. Administrators, managers, and resource owners can carry out operational activities such as monitoring open workflows, workflow reassignment, and role and resource management.

3.2.4 Extensive Identity Integration

OpenText Identity Manager provides an identity integration framework that connects and synchronizes identity information across the organization's environment.

The identity integration infrastructure enables administrators to create and modify identity information once and then have that data propagated to all their connected systems. For fast and low-cost deployments, OpenText Identity Manager provides this level of data synchronization through its unique and extensible integration architecture and preconfigured drivers. When the drivers are deployed, the Identity Vault maintains driver configurations in a set of directory objects. For information about preconfigured drivers, see the Identity Manager Driver Documentation Website.

OpenText Identity Manager also enables you to define user organizational hierarchies and user groups with the use of its built-in hierarchy and inheritance, as well as native role-based access control. Administrators can easily and quickly use simple policies and access control lists to regulate information access, manage change authorization, and enable self-service without heavy credentials.

It also helps you to manage application parameters and entitlements, and to view a history of resource allocations. In addition, it provides delegated administration with permission settings for user management.

OpenText Identity Manager contains a web-based user self-service portal that can be customized. This portal supports a wide range of user management tasks. It gives users and business administrators the ability to perform a variety of identity self-service and roles provisioning tasks, including managing passwords and identity data, initiating and monitoring provisioning and role assignment requests, managing the approval process for provisioning requests, and verifying attestation reports. It includes the workflow engine that controls the routing of requests through the appropriate approval process. For more information, see the OpenText™ Identity Manager CE 24.4 (v4.10) - Administrator’s Guide to the Identity Applications.

3.2.5 Built-in Audit and Compliance

The core identity management architecture includes auditing and compliance capabilities. When you bring a resource under identity management, the connection can be leveraged for both provisioning and compliance use, avoiding duplication of integration cost. Its integrated reporting provides visibility into user entitlements and associated activities for compliance audits, with out-of-the-box support for regulations. The audit service can optionally integrate with OpenText Sentinel for report analysis. For more information, see the OpenText™ Identity Manager CE 24.4 (v4.10) Administrator’s Guide to Identity Reporting.