1.1 Synchronizing Identity Information

Identity Manager lets you synchronize, transform, and share information across a wide range of connected systems, such as SAP, PeopleSoft, Microsoft SharePoint, Lotus Notes, Microsoft Exchange, Microsoft Active Directory, NetIQ eDirectory, and Oracle, among many others. Figure 1-1 represents how Identity Manager synchronizes information with multiple systems.

Figure 1-1 Identity Manager Connecting Multiple Systems

Identity Manager lets you do the following:

  • Control the flow of data among the connected systems.

  • Determine what data is shared, which system is the authoritative source for a piece of data, and how the data is interpreted and transformed to meet the requirements of other systems.

    In the following diagram, the Lotus Notes system is the authoritative source for a user’s e-mail address. The SAP HR database also uses e-mail addresses, so Identity Manager transforms the e-mail address into the required format and shares it with the SAP HR database. When the e-mail address changes in the Lotus Notes system, it is synchronized to the SAP HR database.

    If an administrator of the SAP HR database changes a user’s e-mail address in that system, the change has no effect, because it must be made in the Lotus Notes system to be effective. Identity Manager uses filters to specify authoritative sources for an item.

  • Synchronize passwords between systems. For example, if a user changes his or her password in Active Directory, Identity Manager can synchronize that password to other connected systems, such as Lotus Notes, SAP, or Oracle.

  • Create new user accounts and remove existing accounts in connected systems. For example, when you hire a new employee in the SAP HR application, Identity Manager can automatically create a new user account in other connected systems.

    Figure 1-2 User Account Creation in Connected Systems
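
The authoritative-source rule from the e-mail address example above, modeled as an added illustration; this is not Identity Manager code or its filter syntax. The `SyncEngine` class, the system labels, and the upper-case target format are assumptions, since the page does not state the format SAP HR requires.

```python
from dataclasses import dataclass

# Constructed model: names follow the page's e-mail example, values are made up.
AUTHORITATIVE = {"email": "LotusNotes"}   # attribute -> authoritative system
SUBSCRIBERS = {"email": ["SAP_HR"]}       # attribute -> systems that receive it

def to_sap_format(value: str) -> str:
    # Assumed target format (not stated on the page): trimmed and upper-cased.
    return value.strip().upper()

TRANSFORMS = {("email", "SAP_HR"): to_sap_format}

@dataclass
class Change:
    source: str   # system where the change was made
    user: str
    attr: str
    value: str

class SyncEngine:
    def __init__(self):
        self.stores = {}     # system -> {(user, attr): value}
        self.rejected = []   # changes dropped by the filter, kept for audit

    def apply(self, change: Change) -> bool:
        owner = AUTHORITATIVE.get(change.attr)
        # Default deny: an attribute with no declared owner is never shared,
        # and a change from a non-authoritative system has no effect.
        if owner is None or change.source != owner:
            self.rejected.append(change)
            return False
        key = (change.user, change.attr)
        self.stores.setdefault(change.source, {})[key] = change.value
        for target in SUBSCRIBERS.get(change.attr, []):
            transform = TRANSFORMS.get((change.attr, target), lambda v: v)
            self.stores.setdefault(target, {})[key] = transform(change.value)
        return True

def demo():
    engine = SyncEngine()
    accepted = engine.apply(Change("LotusNotes", "jdoe", "email", "jdoe@example.com"))
    dropped = engine.apply(Change("SAP_HR", "jdoe", "email", "other@example.com"))
    return engine, accepted, dropped

if __name__ == "__main__":
    engine, accepted, dropped = demo()
    print(accepted, dropped, engine.stores, engine.rejected)
```

The `rejected` list is the part worth reviewing in practice: a change attempted in a non-authoritative system is a signal that someone is editing identity data outside the designated source.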