4.3 Understanding the Components for Managing User Provisioning

This section explains the purpose of the following components:

4.3.1 User Application and Roles Based Provisioning Module

The Identity Manager User Application gives your users and business administrators a view into the information, resources, and capabilities of Identity Manager. The User Application is a browser-based web application that gives the user the ability to perform a variety of identity self-service and roles provisioning tasks. Users can manage passwords and identity data, initiate and monitor provisioning and role assignment requests, manage the approval process for provisioning requests, and verify attestation reports.

The User Application relies on a number of independent components acting together.

The User Application runs on the Roles Based Provisioning Module (RBPM) framework, which includes the workflow engine that controls the routing of requests through the appropriate approval process. These components require the following drivers:

User Application driver

Stores configuration information and notifies the User Application whenever changes occur in the Identity Vault. You can configure the driver to allow events in the Identity Vault to trigger workflows. The driver can also report success or failure of a workflow’s provisioning activity to the User Application so that users can view the final status of their requests.

Role and Resource Service driver

Manages all role and resource assignments. The driver starts workflows for role and resource assignment requests that require approval and maintains indirect role assignments according to group and container memberships. The driver also grants and revokes entitlements for users based on their role memberships. It performs cleanup procedures for completed requests.

Users can access the User Application from any supported web browser. For more information about the User Application and RBPM, see the NetIQ Identity Manager - Administrator’s Guide to the Identity Applications.

4.3.2 Identity Manager Dashboard

The Identity Manager Dashboard (the Dashboard) includes a personalized view of each user’s permissions, tasks, and requests. This helps users focus on the following basic areas of functionality:

I want something.

If you need an item, whether the item is a piece of equipment like a laptop or something intangible like access to a particular server or application, you can request that item.

I need to do something.

If you want to know what tasks you need to manage, the My Tasks page shows all of your pending approval or provisioning tasks in the Identity Manager system.

What do I have?

If you want to see your current permissions, the My Permissions page provides a list of the roles and resources to which you have access.

How did I get it?

If you want to see a list of past requests, the Requests History page shows everything that you have requested recently, as well as the status of your pending requests.

If you have an administrative role for the identity applications, you can customize the Applications page in the Dashboard for all users. You can configure the page to show items and links that your users need to see, organized into categories that make sense for your enterprise. You can include the following types of items:

  • Identity Manager functions, such as creating groups or running reports

  • Permissions that most users need to request

  • Links to commonly accessed websites or web-based applications

  • REST endpoints

  • Badges, such as the number of items of a certain type that a user can access

Users can access the Dashboard with any supported web browser, from either a computer or a tablet. For more information, see the NetIQ Identity Manager - Administrator’s Guide to the Identity Applications.