The following new drivers are included with Identity Manager 4.0.2:
Bidirectional eDirectory Driver: The Identity Manager bidirectional eDirectory driver synchronizes data between the Identity Vault and eDirectory. For more information, see Identity Manager 4.0.2 Driver for Bidirectional eDirectory Implementation Guide.
Sentinel Identity Tracking Driver Implementation Guide: The Sentinel Identity Tracking Driver provides integration with Identity Manager and Sentinel to track user account information. Each user account can have multiple account identifiers for each system in the Identity Manager solution. The driver tracks each account identifier and sends that information to Sentinel. Sentinel can run reports to correlate each account identifier with a specific user. For more information, see Driver for Sentinel Implementation Guide.
The eDirectory driver includes configuration files that contain entitlements and the policies required to implement them. The entitlements support the most common scenarios, including granting and revoking user accounts and group membership.For more information about entitlements, see the Identity Manager 4.0.2 Entitlements Guide.
Identity Manager now supports three new password policy syntax options:
Use Microsoft Complexity Policy
Use Microsoft Server 2008 Password Policy
Use Novell Syntax
Identity Manager 4.0.2 provides facilities for keeping the code map tables synchronized between the Role Mapping Administrator and the Roles Based Provisioning Module. While creating mappings in the Role Mapping Administrator, you can trigger a code map refresh in either the Role Mapping Administrator or the Roles Based Provisioning Module if a mismatch is discovered in the code maps. A code map refresh can run for a long time if executed for all drivers and entitlements. Therefore, the Role Mapping Administrator gives you the ability to trigger a refresh for only the entitlements for which a mismatch was discovered. The Roles Based Provisioning Module also provides new SOAP endpoints for triggering code map refreshes. For more information on the changes to the Role Mapping Administrator, see Novell Identity Manager Role Mapping Administrator 4.0.2 User Guide. For more information on the new SOAP endpoints, see User Application: Administration Guide.
The Role Mapping Administrator now provides several resource creation settings that enable you to prefix the driver name and logical system name when generating resources. The resource creation settings also allow you to select a resource category for automatically generated resources. For more information, see Novell Identity Manager Role Mapping Administrator 4.0.2 User Guide.
The Roles Based Provisioning Module now provides support for the use of approval processes with role revocation. The approval process used for role revocation requests, as well as the list of approvers, is the same as for role grant requests. If you have indicated that you want the approval process to execute the standard role assignment approval definition, this process will be used. Alternatively, you can specify a custom approval process for both role grant requests and role revocation requests. For more information, see User Application: User Guide.
The Roles Based Provisioning Module has optimized the process of deleting roles. When you instruct the User Application to delete a role, it first sets the role status to Pending Delete. The Role and Resource Service driver then notes the change of status and performs the following steps:
Removes the resource assignments for the role.
Deletes the role.
The Event Auditing Service (EAS) now runs on Red Hat Enterprise Linux 5.7 and 6.0 (32-bit and 64-bit).
The Role Hierarchy Report has been added to the Identity Reporting Module. This report displays the contents of the role hierarchy, as well as the resources associated with each role. For more information, see Role Hierarchy in the Using Identity Manager 4.0.2 Reports.
The Identity Reporting Module now provides the ability to purge historical data from the reporting database. When the reporting module executes a data purge operation, it only purges data from the history tables that is older than the retention value you specify. Any historical data that is more recent than the retention interval permits will be retained. The purge operation does not remove any of the current state data. For more information, see Identity Reporting Module Guide.
Designer 4.0.2 now includes a new activity in the Provisioning Request Definition editor that enables users to call REST endpoints or resources when processing workflow data. Using the REST activity, workflows can exchange data with REST services both inside and outside of the organization, and users can use data received from a REST service as decision support information on approval forms.
Designer 4.0.2 provides several improvements to the Integration activity in the Provisioning Request Definition editor, including resolving animation issues and reducing the size of deployed PRDs. In addition, the Integration activity now allows users to more easily generate SOAP requests for the activity using the Designer user interface.
Designer 4.0.2 provides several performance improvements, including enhanced performance while using the different editors included in the product, improved rendering of configuration pages in the user interface, improved Project Checker speed, and resolved memory issues. For more information, open Designer 4.0.2 and click> in the toolbar.
Instead of being required to automatically import large numbers of roles and resources from the Identity Vault when they configure a project in Designer, users can now configure Designer to not automatically import the Role Catalog. If a user does not need to import roles or resources, they can select theoption in the > > page of the Designer Preferences. Designer will then not automatically import the Role Catalog, saving users time and avoiding the need to manage those roles and resources in Designer.
If a user has a large number of unnecessary packages imported into the Package Catalog of a project, Designer 4.0.2 provides the option to clean up unused packages from the Catalog, removing any imported packages that are not installed on any driver, driver set, or Identity Vault from the project.
For more information, see the Designer 4.0.2 for Identity Manager 4.0.2 Administration Guide.
Analyzer 4.0.2 offers improved performance by using the batching feature with MySQL database server. Analyzer can now import a million records at one time into the Analyzer database. For more information, see Analyzer 4.0.2 for Identity Manager Administration Guide.