1.1 Components of Account Tracking

There are four major components and artifacts used to track account identities and the status of those accounts:

1.1.1 DirXML-Accounts Attribute

The DirXML-Accounts attribute tracks and stores the different account identifiers, if account tracking is enabled. It is created on each account when the account is synchronized to the Identity Vault. For example, John Smith has an account in Active Directory and in an LDAP directory. Table 1-1 shows that the DirXML-Accounts attribute stores the different identifiers for John’s account. Active Directory has four different account identifiers for the same account and the LDAP directory has one.

Table 1-1 Contents of the DirXML-Accounts Attribute

Driver/Application   Account Identifier Type   Account Identifier Sample Data
Active Directory     sAMAccountName            jsmith
Active Directory     userPrincipalName         jsmith@company.com
Active Directory     DN                        cn=John Smith,cn=users,dc=company,dc=com
Active Directory     association               5d377f84f3ab534babbf12edd6540d77
LDAP                 DN                        cn=jsmith,cn=users,dc=company,dc=com

This allows for correlation between all of the account identities in the systems managed by Identity Manager. Business policies can be validated with this information. For more information, see Section 5.0, Configuring Account Tracking.
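As an added example (not part of this documentation), the following Python indexes identifiers like those in Table 1-1 so that any account identifier seen in a connected system resolves back to its Identity Vault identity, and flags accounts that correlate to no identity. The (driver, type, value) record shape, the vault DNs and the observed account list are constructed for illustration and do not represent the attribute's actual storage encoding.

```python
# Added example: correlating account identifiers across managed systems.
# The (driver, identifier type, value) triples below are constructed to
# mirror Table 1-1; they are not the DirXML-Accounts on-disk format.
from typing import Dict, List, Optional, Tuple

Triple = Tuple[str, str, str]

# Constructed Identity Vault data: vault identity -> its account identifiers.
VAULT_ACCOUNTS: Dict[str, List[Triple]] = {
    "cn=John Smith,ou=users,o=vault": [
        ("Active Directory", "sAMAccountName", "jsmith"),
        ("Active Directory", "userPrincipalName", "jsmith@company.com"),
        ("Active Directory", "DN", "cn=John Smith,cn=users,dc=company,dc=com"),
        ("Active Directory", "association", "5d377f84f3ab534babbf12edd6540d77"),
        ("LDAP", "DN", "cn=jsmith,cn=users,dc=company,dc=com"),
    ],
    "cn=Ann Lee,ou=users,o=vault": [
        ("Active Directory", "sAMAccountName", "alee"),
        ("LDAP", "DN", "cn=alee,cn=users,dc=company,dc=com"),
    ],
}

# Constructed accounts observed directly in Active Directory, as
# (identifier type, value) pairs; "svc_backup" has no vault identity.
AD_OBSERVED: List[Tuple[str, str]] = [
    ("sAMAccountName", "jsmith"),
    ("sAMAccountName", "alee"),
    ("sAMAccountName", "svc_backup"),
]


def build_index(vault: Dict[str, List[Triple]]) -> Dict[Triple, str]:
    """Map every (driver, type, value) identifier to the vault identity
    owning it, so an identifier from any system can be resolved."""
    return {triple: identity
            for identity, accounts in vault.items()
            for triple in accounts}


def resolve(index: Dict[Triple, str], driver: str,
            id_type: str, value: str) -> Optional[str]:
    """Return the vault identity that owns an identifier, or None."""
    return index.get((driver, id_type, value))


def find_orphans(index: Dict[Triple, str], driver: str,
                 observed: List[Tuple[str, str]]) -> List[str]:
    """Business-policy check: every account in a managed system must
    correlate to an Identity Vault identity. Return those that do not."""
    return [value for id_type, value in observed
            if resolve(index, driver, id_type, value) is None]
```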

1.1.2 Sentinel Driver

The Sentinel driver is an Identity Manager driver that sends the account identifier and the account status from the Identity Vault to the Identity Vault Collector. The account identifier data is used to track the accounts, the status of the identities, and the account access information.

The Sentinel driver tracks the following account status changes:

  • Add
  • Modify
  • Delete
  • Rename
  • Move

1.1.3 Identity Vault Collector

A Sentinel Collector performs functions such as remote protocol connections and data mapping. The Identity Vault Collector is designed to provide data collection services for the Identity Vault. It parses, normalizes, and enhances data received from the Sentinel driver. The Identity Vault Collector writes the data sent from the Identity Vault to the data store. This data is used in conjunction with other Sentinel Collectors to track accounts and validate business policies.

1.1.4 Custom Events

Custom events are audit events generated by policies in each driver and sent to the Platform Agent via the Metadirectory engine. The Platform Agent forwards these events to Sentinel. Sentinel stores the events for analysis to see if business policies are being broken. You can run reports to see what business policies are being kept and which policies are not.

In the past, Sentinel tracked Add, Delete, and Modify events. Sentinel could report on how many events occurred, but not on whether those events were supposed to occur. The custom events track the granting and revoking of entitlements. The entitlements generate Add, Delete, or Modify events. Sentinel tracks which entitlement generated the Add event, so the reports show when and why an Add event occurred, instead of only when it occurred.

For more information, see Section 9.0, Custom Audit Events.