NetIQ Identity Manager Quick Start

December 2014

This document provides a task-based view of Identity Manager components and services.

1.0 Planning Your Deployment

Planning is key to customizing Identity Manager to meet the needs of your business environment.

Designers are information technology professionals who act in the role of a designer or architect of identity-based solutions, such as enterprise IT developers, consultants, sales engineers, architects, system designers, and system administrators. Designers should have a strong understanding of directory services, databases, and their information environment.

Components or Tools

  • Designer

4.0 Building Policies

Identity Manager uses policies to manipulate and synchronize data to the different connected systems. Policies control how information flows from one system to another, and under what conditions.

Tools

  • Policy Builder in Designer

  • Policy Builder in iManager

5.0 Building Driver Sets and Drivers

Driver sets synchronize data between connected systems according to the rules you set in them. Each driver in a driver set defines the connectivity and data exchanged between two connected systems.

Components or Tools

  • Identity Manager drivers

  • Your custom drivers

6.0 Synchronizing Your Data

NetIQ provides Identity Manager drivers to connect to and synchronize data between various identity directories, applications, and databases that run on different platforms. For each data set, you must configure its related driver to synchronize identity data.

7.0 Roles and Resources

The User Application’s Roles-Based Provisioning Module provides an easy way to grant people privileges in target systems through their role membership. You can use the Catalog Administrator to manage roles and resources, associate resources with roles, and manage separation-of-duties conflicts between roles.

8.0 Workflows for Provisioning

Roles-based provisioning ensures that access to corporate resources complies with organizational policies and that provisioning occurs within the context of the corporate security policy. Workflows start automatically when a user initiates a provisioning request by requesting a resource. The User Application driver listens for events in the Identity Vault, and can be configured to respond to events by starting the appropriate provisioning workflows.

9.0 Self-Service Login and Landing Page

The Login page performs robust user authentication supported by Identity Manager. The Login page redirects to the other password management pages as needed during the login process.

The landing page provides users a personal view of their permissions, tasks, and requests, as well as the ability to make a new request or search for a role or resource among their current permissions. A user can request hardware, access to a particular server, or permission to use a particular application in their environment.

12.0 Email Notification

Identity Manager provides an email notification system to notify administrators or users of actions or results that occur, such as password management, job status, and provisioning requests that are pending approval. You can specify triggers and the content of email messages that users receive in response to them.

15.0 Compliance and Attestation

Following the principle of least privilege, NetIQ Access Review helps you ensure that your users have focused access to the applications and resources that they use and cannot access resources that they do not need. You can collect user and access information from Identity Manager in a central location, and organize it for review. Users assigned to appropriate global, run-time, or application-specific roles can review all permissions assigned to your users, either individually or as a group, and decide whether those permission assignments are appropriate for your business environment.

16.0 Upgrading Components

You can upgrade Identity Manager components individually. You can upgrade servers one at a time. The driver sets associated with multiple servers continue to work with the different versions as you upgrade the servers.

17.0 Migrating Data to a New Installation

You can migrate existing data in Identity Manager components to a new installation when there is no upgrade path from your current setup.