4.3 Understanding the Components for Managing User Provisioning

4.3.1 User Application and Roles Based Provisioning Module

The Identity Manager User Application gives your users and business administrators a view into the information, resources, and capabilities of Identity Manager. The User Application is a browser-based web application that gives the user the ability to perform a variety of identity self-service and roles provisioning tasks. Users can manage passwords and identity data, initiate and monitor provisioning and role assignment requests, manage the approval process for provisioning requests, and verify attestation reports.

The User Application relies on a number of independent components acting together.

The User Application runs on the Roles Based Provisioning Module (RBPM) framework, which includes the workflow engine that controls the routing of requests through the appropriate approval process. These components require the following drivers:

User Application driver

Stores configuration information and notifies the User Application whenever changes occur in the Identity Vault. You can configure the driver to allow events in the Identity Vault to trigger workflows. The driver can also report success or failure of a workflow’s provisioning activity to the User Application so that users can view the final status of their requests.

Role and Resource Service driver

Manages all role and resource assignments. The driver starts workflows for role and resource assignment requests that require approval and maintains indirect role assignments according to group and container memberships. The driver also grants and revokes entitlements for users based on their role memberships. It performs cleanup procedures for completed requests.

Users can access the User Application from any supported web browser. For more information about the User Application and RBPM, see the NetIQ Identity Manager User Application: Administration Guide.

4.3.2 Identity Manager Home and Provisioning Dashboard

NetIQ Identity Manager Home (the Home page) provides a single access point for all Identity Manager users and administrators. It gives access to all existing functionality in RBPM and the User Application, and also provides additional user-oriented features. When creating the content for the Home page, administrators have the following options:

  • Customize the Home page to display only the items and links that are applicable to each user.

  • Organize the links and items into categories that make sense. For example, add your company-specific links or REST endpoints.

  • Configure items on the Home page to include badges. For example, badges can display how many items of a certain type a user has access to.

Users can access the Home page with any supported web browser, from either a computer or a tablet. For more information, see the NetIQ Identity Manager Home and Provisioning Dashboard User Guide.

The Identity Manager Provisioning Dashboard (the Dashboard) is a personalized view of each user’s permissions, tasks, and requests. Identity Manager Home links to the appropriate location on each user’s Dashboard.

The Dashboard focuses on the following basic areas of functionality:

I want something.

If users need an item, whether the item is a piece of equipment like a laptop or something intangible like access to a particular server or application, they can use the Make a Request option to request that item. To search for an item, the user enters all or part of a search term in the Permissions field.

I need to do something.

If users want to know what tasks they need to manage, the My Tasks page shows all of a user’s pending approval or provisioning tasks in the Identity Manager system.

What do I have?

If users want to see everything they can currently access, the My Permissions page provides a list of the roles and resources to which they have access.

How did I get it?

If users want to see a list of past requests, the History page shows everything that they have requested recently, as well as the status of all their pending requests.