1.1 How Identity Manager Works

NetIQ Identity Manager is a collection of products that provide the following capabilities:

Identity Manager provides these capabilities through a number of components, as shown in the following figure:

Figure 1-1

1.1.1 Data Synchronization

Simply put, data synchronization is the ability to move data that has been changed in one location to a different location. Data synchronization can include password synchronization, but it is not limited to that, because Identity Manager can synchronize any data that is stored in a connected system that has access to the Identity Vault.

Data synchronization, including password synchronization, is provided by the five base components of the Identity Manager solution: the Identity Vault, Identity Manager engine, drivers, Remote Loader, and connected applications.

1.1.2 Workflow

Through the User Application, Identity Manager provides the means to perform such functions as workflow approval, role assignments, attestation, and identity self-service. The User Application is a browser-based Web application that allows you to initiate provisioning and role assignment requests, as well as manage the approval process for these requests.

Workflow approval allows users to request access to networking resources, which can include an approval process involving one or more managers.

1.1.3 Role Assignments

Role assignments allow users to receive access to network resources that have been assigned to them. You can receive access to role assignments either at an individual level or at a group membership level.

The Identity Applications Administration interface allows business and security analysts to manage roles and resources in Identity Manager. The role and resource management features allow you to view and manage permission assignments across various connected systems in organizations managed by Identity Manager. You can also design roles and map them to resources across connected systems. For more information about roles-based provisioning, see User Application Parameters in the NetIQ Identity Manager Setup Guide for Linux.

1.1.4 Self-Service

The self-service capabilities of Identity Manager allow users to edit their own profiles, search a directory, change their passwords (including password hints and challenge responses), review password status, and, if authorized, create accounts for new users or groups. If you are an administrator, you can also view reports on the applications that are associated with a user.

For more information about Identity Manager’s self-service capabilities, see Managing Your Profile in the NetIQ Identity Manager - User’s Guide to the Identity Applications.

1.1.5 Auditing and Reporting

Identity Manager uses a Platform Agent to capture events from the Identity Vault and tracks those events through Sentinel Log Management for IGA (Sentinel). It collects identity information and events from the Identity Vault, administration tools, and Identity Manager.

For more information about Sentinel Log Management for IGA, see Installing Sentinel Log Management for Identity Governance and Administration in the NetIQ Identity Manager Setup Guide for Linux.