1.2 Understanding the Identity Applications

The Identity Manager identity applications are an interconnected set of browser-based Web applications. They enable your organization to manage the user accounts and permissions associated with the wide variety of roles and resources available to users. You can configure the identity applications to provide self-service support for your users, such as requesting roles or changing their passwords. You can also set up workflows to make managing and assigning roles and resources more efficient.

The following components comprise the identity applications:

1.2.1 Identity Manager Dashboard

Identity Manager Dashboard serves as the primary entry portal to the identity applications. From here, as a user you can perform the following activities:

  • Manage your profile settings and password

  • Review and complete your tasks, such as approving user requests for access

  • Request permissions for roles, resources, or processes

  • Review the status and history of your requests for permissions

  • Find other users in your organization

As a user with an appropriate administrator role, you can perform the following tasks:

  • Create and modify user profiles

  • Create and modify teams that represent sets of users and groups that can perform provisioning requests and approval tasks associated with the teams

1.2.2 Catalog Administrator

Catalog Administrator serves as the primary method for managing roles and resources associated with the various connected systems in organizations managed by Identity Manager. Although the catalog is not a unique database or a set of files, it encompasses all information about roles, resources, and the relationships between them.

Role Administration

If you have the Role Administrator entitlement, you can perform the following tasks:

  • Create, remove, and modify roles.

  • Establish the process for approving and revoking the role.

  • Create roles and role relationships within the roles hierarchy.

  • Create, remove, and modify separation of duty (SoD) constraints to manage potential conflicts among roles.

  • Browse the list of roles created.

  • Find out which role is associated with which container.

Resources Administration

If you have the Resource Administrator entitlement, you can perform the following tasks:

  • Create new resources, either from an entitlement or without an entitlement.

  • Remove and modify resources.

  • Establish the process for approving and revoking the resource.

  • Associate resources with roles, or with a role that is part of another role, a group, or a container in your organization.

  • Browse the list of resources.

  • Find out which resource is associated with which container.

Catalog Administrator provides a more up-to-date method for managing roles and resources than the User Application’s role and resource functionality. However, it does not support assigning permissions or ownership for the roles and resources.

1.2.3 User Application

Originally, the User Application was part of the Roles Based Provisioning Module (RBPM). Some of the RBPM functions have been moved to the Dashboard and Catalog Administrator. The User Application continues to provide the following functions that do not yet exist in the other two components:

  • Create groups of users, usually associated with their position in your organization, such as the Finance Department.

  • Map role and resource assignments to resources within your organization, such as user accounts, computers, and databases.

  • Assign ownership to and configure the methods for approving roles and resources.

  • Configure password management settings so users can reset their own passwords.

  • Ensure that your organization has a method for verifying that personnel are fully aware of organizational policies and are taking steps to comply with these policies.

  • Ensure that access to corporate resources complies with organizational policies and that provisioning occurs within the context of the corporate security policy. You can grant users access to identity data within the guidelines of corporate security policies.

  • Create workflows to reduce the administrative burden of entering, updating, and deleting user information across all systems in the enterprise. These workflows provide a Web-based interface for users to manipulate distributed identity data that triggers workflows as necessary.

  • Support complex workflows and manage manual and automated provisioning of identities, services, resources, and assets.

    You can establish a manual provisioning process by creating workflows that route provisioning requests to one or more authorities. For automated provisioning, you can configure the User Application to start workflows automatically in response to events occurring in the Identity Vault. The Dashboard can trigger a workflow when users request permission.