11.1 What’s New in Identity Manager 4.0.2

11.1.1 New Drivers

The following new drivers are included with Identity Manager 4.0.2:

  • Bidirectional eDirectory Driver: The Identity Manager bidirectional eDirectory driver synchronizes data between the Identity Vault and eDirectory. For more information, see Identity Manager 4.0.2 Driver for Bidirectional eDirectory Implementation Guide.

  • Sentinel Identity Tracking Driver Implementation Guide: The Sentinel Identity Tracking Driver provides integration with Identity Manager and Sentinel to track user account information. Each user account can have multiple account identifiers for each system in the Identity Manager solution. The driver tracks each account identifier and sends that information to Sentinel. Sentinel can run reports to correlate each account identifier with a specific user. For more information, see Driver for Sentinel Implementation Guide.

Entitlement Feature for Edirectory Driver

The eDirectory driver includes configuration files that contain entitlements and the policies required to implement them. The entitlements support the most common scenarios, including granting and revoking user accounts and group membership.For more information about entitlements, see the Identity Manager 4.0.2 Entitlements Guide.

11.1.2 Password Management Features

Password Policy Enhancements

Identity Manager now supports three new password policy syntax options:

  • Use Microsoft Complexity Policy

  • Use Microsoft Server 2008 Password Policy

  • Use Novell Syntax

For more information, see the Understanding Password Management section in the Identity Manager 4.0.2 Password Management Guide.

11.1.3 Role Mapping Administrator Features

Code Map Synchronization

Identity Manager 4.0.2 provides facilities for keeping the code map tables synchronized between the Role Mapping Administrator and the Roles Based Provisioning Module. While creating mappings in the Role Mapping Administrator, you can trigger a code map refresh in either the Role Mapping Administrator or the Roles Based Provisioning Module if a mismatch is discovered in the code maps. A code map refresh can run for a long time if executed for all drivers and entitlements. Therefore, the Role Mapping Administrator gives you the ability to trigger a refresh for only the entitlements for which a mismatch was discovered. The Roles Based Provisioning Module also provides new SOAP endpoints for triggering code map refreshes. For more information on the changes to the Role Mapping Administrator, see Creating Role Resource Mappings in the Novell Identity Manager Role Mapping Administrator 4.0.2 User Guide. For more information on the new SOAP endpoints, see Resource Web Service in the User Application: Administration Guide.

Resource Creation Settings for the Role Mapping Administrator

The Role Mapping Administrator now provides several resource creation settings that enable you to prefix the driver name and logical system name when generating resources. The resource creation settings also allow you to select a resource category for automatically generated resources. For more information, see Customizing the Resource Names in the Novell Identity Manager Role Mapping Administrator 4.0.2 User Guide.

11.1.4 Roles Based Provisioning Module Features

Approval Processes for Role Revocation

The Roles Based Provisioning Module now provides support for the use of approval processes with role revocation. The approval process used for role revocation requests, as well as the list of approvers, is the same as for role grant requests. If you have indicated that you want the approval process to execute the standard role assignment approval definition, this process will be used. Alternatively, you can specify a custom approval process for both role grant requests and role revocation requests. For more information, see Defining the Approval Process for a Role in the User Application: User Guide.

Optimization for Role Delete Operations

The Roles Based Provisioning Module has optimized the process of deleting roles. When you instruct the User Application to delete a role, it first sets the role status to Pending Delete. The Role and Resource Service driver then notes the change of status and performs the following steps:

  1. Removes the resource assignments for the role.

  2. Deletes the role.

For more information, see Deleting Roles in the User Application: User Guide.

SAML Support for 64-bit Platforms

SAML support for single sign-on has been added for 64-bit Linux and Windows platforms. For more information, see Single Sign-On (SSO) Configuration in the User Application: Administration Guide.

11.1.5 Identity Reporting Module Features

Support for EAS on Red Hat Enterprise Linux

The Event Auditing Service (EAS) now runs on Red Hat Enterprise Linux 5.7 and 6.0 (32-bit and 64-bit).

New Role Hierarchy Report

The Role Hierarchy Report has been added to the Identity Reporting Module. This report displays the contents of the role hierarchy, as well as the resources associated with each role. For more information, see Role Hierarchy in the Using Identity Manager 4.0.2 Reports.

Ability to Purge Historical Data from the Reporting Database

The Identity Reporting Module now provides the ability to purge historical data from the reporting database. When the reporting module executes a data purge operation, it only purges data from the history tables that is older than the retention value you specify. Any historical data that is more recent than the retention interval permits will be retained. The purge operation does not remove any of the current state data. For more information, see Configuring Settings and Data Collection in the Identity Reporting Module Guide.

11.1.6 Designer Features

REST Activity Support for Workflows

Designer 4.0.2 now includes a new activity in the Provisioning Request Definition editor that enables users to call REST endpoints or resources when processing workflow data. Using the REST activity, workflows can exchange data with REST services both inside and outside of the organization, and users can use data received from a REST service as decision support information on approval forms.

For more information, see the Rest Activity section in the User Application: Design Guide.

Integration Activity Improvements for Workflows

Designer 4.0.2 provides several improvements to the Integration activity in the Provisioning Request Definition editor, including resolving animation issues and reducing the size of deployed PRDs. In addition, the Integration activity now allows users to more easily generate SOAP requests for the activity using the Designer user interface.

For more information, see the Adding an Integration Activity section in the User Application: Design Guide.

Performance Improvements in Designer

Designer 4.0.2 provides several performance improvements, including enhanced performance while using the different editors included in the product, improved rendering of configuration pages in the user interface, improved Project Checker speed, and resolved memory issues. For more information, open Designer 4.0.2 and click Help > What’s New in the toolbar.

Designer Optimization for Optional Import of Roles and Resources

Instead of being required to automatically import large numbers of roles and resources from the Identity Vault when they configure a project in Designer, users can now configure Designer to not automatically import the Role Catalog. If a user does not need to import roles or resources, they can select the Do not import role catalog (excluding system roles) option in the Novell > Provisioning > Import/Deploy page of the Designer Preferences. Designer will then not automatically import the Role Catalog, saving users time and avoiding the need to manage those roles and resources in Designer.

For more information, see the Configuring Roles section in the User Application: Design Guide.

Removal of Unused Packages from the Package Catalog in Designer

If a user has a large number of unnecessary packages imported into the Package Catalog of a project, Designer 4.0.2 provides the option to clean up unused packages from the Catalog, removing any imported packages that are not installed on any driver, driver set, or Identity Vault from the project.

For more information, see the Removing Packages from the Package Catalog section in the Designer 4.0.2 for Identity Manager 4.0.2 Administration Guide.

11.1.7 Analyzer Features

Performance Improvements in Analyzer

Analyzer 4.0.2 offers improved performance by using the batching feature with MySQL database server. Analyzer can now import a million records at one time into the Analyzer database. For more information, see Database Settings in the Analyzer 4.0.2 for Identity Manager Administration Guide.