NetIQ Identity Manager - Administrator’s Guide to the Identity Applications

    Overview
      Introduction to the Individual Identity Applications Components
        Identity Manager Dashboard
        Identity Applications Administration
        Understanding Entities
        Identity Manager Client Settings
        Identity Manager Workflows
        Identity Reporting
        Identity Applications Security and Password Management
        Identity Applications
      Types of User Categories in Identity Applications
        Administrative Users
        Administrator and Manager Categories
        Designers
        Business Users
      Understanding the Functionality of the Identity Applications
        Enabling Self-Service Activities for Users
        Providing Permissions to Users
        Ensuring Permission Assignments Comply with Your Standards
        Design and Configuration Tools
      Understanding the Back-end Functions for the Identity Applications
        User Interfaces
        Directory Abstraction Layer
        Workflow Engine
        SOAP Endpoints
        Application Server
        Database
        User Application Driver
        Role and Resource Service Driver
        Multi-Threaded Role and Resource Service Driver
        Designer for Identity Manager
        iManager
        Identity Manager Engine
        Identity Vault
    Preparing the Identity Applications for Use
      Understanding the Design Needs
        Design Constraints
        High Availability Design
      Configuring Security in the Identity Applications
        Understanding Security in the Identity Applications Environment
        Using Secure Sockets for Identity Applications Connections to the Identity Vault
        Enabling SSL for User Access
        Enabling SOAP Security
        Enabling Authentication
        Encrypting Sensitive Identity Applications Data
        Preventing XSS Attacks
        Modifying Trustee Rights
        Updating a Password for a Database User on Tomcat
      Assigning the Identity Applications Administrators
        Understanding the Administrators of the Identity Applications
        Changing the Default Administrator Assignments after Installation
      Setting Up Logging in the Identity Applications
        How Logging Services Help
        What Can Be Logged
        How Logging Works
        Types of Log Files
        Understanding the Log Format
        Configuring Logging
        Configuring Logging in a Cluster
        Enabling Sentinel Logging
        Using Log Files for Troubleshooting
        Log Events
      Tuning the Performance of the Applications
        Increasing the Heap Size
        Increasing the Stack Size for Recursive Workflows
        Ensuring Concurrent Access from Multiple Clients
        View Request Status Search Limit
        Decreasing the LDAP Socket Cleanup Interval
        Optimizing LDAP Connection with Identity Vault
        Indexing Attributes in the Identity Vault
        Enabling Compound Index on Identity Vault Attributes
        Managing the eDirectory Database Cache Objects Retrieved from the Identity Vault Server
      Customizing the Identity Applications for Your Enterprise
        Linking the Dashboard to External Applications
        Customizing the Look of the User Interfaces
        Localizing the Text in the Interfaces
        Adding a Language to the Identity Applications
        Configuring User Names
        Configuring Email Notification Templates for the Dashboard
        Configuring Forgot Password? Functionality
        Ensuring that Characters Display Properly in Role Report PDF Files
        Ensuring that Dates Display Correctly in Norwegian
        Configuring Client Settings Mode
        Copying the Client Settings
        Copying the Workflow Migration
        Changing Identity Applications Client Settings
        Customizing the Organization Chart View
      Setting Up the Dashboard for Identity Applications
        Checklist for Setting Up the Dashboard for Identity Applications
      Configuring a Multi-Threaded Role and Resource Service Driver
        How the Driver Works
        Prerequisites
        Defining a Unique Data Set
        Modifying the Default Mapping Table Object
        Configuring the Driver
        Deploying the Driver
        Limitations
        Troubleshooting
      Configuring Identity Applications Clustering and Permission Clustering
        Configuring Identity Applications Clustering to Use TCP or UDP
        Configuring Permission Clustering to Use TCP or UDP
    Identity Applications Administration
      Creating and Managing Roles
        Listing Roles
        Creating a New Role
        Editing Roles
        Creating a Workflow for a Role
        Managing the Role and Resource Service Driver
        List of Stop Words Ignored in Search Query
      Creating and Managing Resources
        Listing Resources
        Creating a New Resource
        Editing Resources
        Creating a Workflow for a Resource
        Enabling Drivers for Resource Mappings
        Creating a List to Improve Resource Request Forms
      Adding Workflow to Roles and Resources
        Adding a Workflow
        System Templates and Template Forms
        Custom Templates
        Recommendations
      Creating and Managing Delegations
      Separation of Duties Constraints
        Role Assignments
        Resource Assignments
      Using Controlled Permission Reconciliation Services
        How CPRS Helps
        Prerequisites
        Considerations for Supported Drivers
        Understanding the Components of CPRS
        Managing Permission Reconciliation Settings
        Permission Reconciliation
        Migrating to CPRS
      Configuring Identity Applications Default Settings
        Configuring Roles and Resources Settings
        Configuring Delegation and Proxy Settings
        Configuring Permission Reconciliation Settings
        Configuring Logging Settings
        Configuring Caching and Cluster Settings
        Assigning Administrators in Identity Applications
        Configuring Workflow Engines and Cluster Settings
        Viewing User Application Driver Status
        Configuring the Default Provisioning Display Settings
        Configuring the Identity Governance Settings
      Configuring Email-Based Approval
      Configuring and Managing Objects for Entities
        Listing the Objects
        Creating an Object
        Editing an Object
        Deleting an Object
        Exporting to CSV
        Viewing the Organization Chart of an Object
    Configuring and Managing Provisioning Workflows
      Configuring the User Application Driver to Start Workflows
        About the User Application Driver
        Setting Up Workflows to Start Automatically
      Managing Provisioning Request Definitions
        About the Provisioning Request Configuration Plug-in
        Working with the Installed Templates
        Configuring a Provisioning Request Definition
      Managing Provisioning Workflows
        About the Workflow Administration Plug-in
        Managing Workflows
        Configuring the Email Server
        Working with Email Templates
        Allowing a Named Password to be Retrieved over LDAP
    Web Service Reference
      Provisioning Web Service
        About the Provisioning Web Service
        Developing Clients for the Provisioning Web Service
        Provisioning Web Service API
      Metrics Web Service
        About the Metrics Web Service
        Metrics Web Service API
        Metrics Web Service Examples
      Notification Web Service
        About the Notification Web Service
        Notification Web Service API
        Notification Example
      Directory Abstraction Layer (VDX) Web Service
        About the Directory Abstraction Layer (VDX) Web Service
        VDX Web Service API
        VDX Example
      Role Web Service
        About the Role Web Service
        Role API
        Role Web Service Examples
      Resource Web Service
        About the Resource Web Service
        Resource Web Service Interface
        Resource Web Service Examples
      Forgot Password Web Service
        About the Forgot Password Web Service
        Password Management Web Service Interface
        ForgotPasswordWSBean
    Configuring Single Sign-on Access in Identity Manager
      Preparing for Single Sign-on Access
      Using Self-Service Password Management in Identity Manager
        Understanding the Default Self-Service Process
        Understanding Authentication with One SSO Provider
        How OSP Works with Identity Manager
      Using One SSO Provider for Single Sign-on Access in Identity Manager
        Preparing eDirectory for Single Sign-on Access
        Modifying the Basic Settings for Single Sign-on Access
        Configuring Self Service Password Reset to Trust OSP
      Using NetIQ Access Manager for Single Sign-On
        Understanding Third-Party Authentication and Single Sign-On
        Using SAML Authentication for Single Sign-on
        Reverse Proxy Based Single Sign-On
      Configuring Single Sign-On to Work With Active Directory Federation Service
        Requirements for Configuring OSP to Work with AD FS
        Configuring OSP to Provide SAML Authentications to AD FS
      Using Kerberos for Single Sign-On
        Configuring the Kerberos User Account in Active Directory
        Configuring the Identity Applications Server
        Configure the End-User Browsers to Use Integrated Windows Authentication
        Logging In Using the Name Password Form
      Integrating Single Sign-on Access with Identity Governance
        Ensuring Rapid Response to Authentication Requests
        Configuring Identity Governance for Integration
        Configuring Identity Manager for Integration
      Verifying Single Sign-on Access for the Identity Applications
      Using SSL for Secure Communication
        Checklist for Ensuring SSL Connections
        Creating a Keystore and Certificate Signing Request
        Enabling SSL with an External CA Signed Certificate
        Enabling SSL with a Self-signed Certificate
        Enabling SSL Between Sentinel and Identity Manager Components
        Updating the SSL Settings for the Application Server
        Updating the SSL Settings in the Configuration Utility
        Updating the SSL Settings for Self Service Password Reset
    REST Services
      Use Cases for Identity Applications REST API
    Troubleshooting
      Using Log Files for Troubleshooting
      Troubleshooting E-Mail Based Approval Issues
      Troubleshooting Self Service Password Reset Issues
      Troubleshooting Authentication Issues
      Troubleshooting General Issues
      Troubleshooting Multi-Threaded Role and Resource Service Driver Issues
      Troubleshooting Resource Weightage Related Errors
    Appendix
      Configuring the Identity Manager Approvals App
        Product Requirements
        Setting Up the Approvals App
        Optimizing Designer Forms for the Approvals App
        Understanding Language Support in the Approvals App
      Schema Extensions for the Identity Applications
        Attribute Schema Extensions
        Objectclass Schema Extensions
        Resource Definition Object (nrfResource)
        Resource Request Object (nrfResourceRequest)
        Role Definition Object (nrfRole)
        Request Object (nrfRequest)
        Role-Resource Configuration (nrfConfiguration)
        Resource Binding to Users (nrfIdentity)
        Resource Containers
      JavaScript Search API
        Launching a Basic Search using the SearchListPortlet
        Creating a New Query using the JavaScript API
        Performing an Advanced Search Using a JSON-formatted Query
        Retrieving all Saved Queries for the Current User
        Running an Existing Saved Query
        Performing a Search on All Searchable Attributes
      Troubleshooting
        Permgen Space Error
        Email Notification Templates
        Org Chart and Guest Access
        Provisioning Notification
        javax.naming.SizeLimitExceededException
        Linux Open Files Error
      Workflow Service
        How is the Separate Workflow Engine Installed?
        Features
        Interaction with Identity Vault
        OAuth-Based Authentication
        Location of Workflow Definitions
        Email Based Approval
        Email Mail Integration
        Workflow States
        Support for Existing Forms and Forms Created in the Workflow Form Builder
        Creating a Provisioning Request Definition to Use a Form Created in the Form Builder
        Support for Migrating Legacy Workflow Forms to the Forms Created in the Workflow Form Builder
        Guidelines for Enabling Workflow Logging
        Initiating a Workflow Process
    Legal Notice