1.3 Key Driver Features

1.3.1 Local Platforms

A local installation is an installation of the driver on the Identity Manager server. The PUM driver can be installed on the Windows or Linux platforms supported for the Identity Manager server.

For more information about local installations, see Section 2.2, Where to Install the PUM Driver.

For additional information about system requirements, see System Requirements in the Identity Manager 4.0.2 Framework Installation Guide.

1.3.2 Remote Platforms

The PUM driver can use the Remote Loader service to run on a Windows or a Linux server other than the Identity Manager server.

For more information about remote installations, see Section 2.2, Where to Install the PUM Driver.

For additional information about system requirements, see System Requirements in the Identity Manager 4.0.2 Framework Installation Guide.

1.3.3 Entitlements

The PUM driver supports entitlements. Entitlements make it easier to integrate Identity Manager with the Identity Manager User Application and Role-Based Services in eDirectory. In the User Application, an action such as provisioning a user to a PUM UserGroup is delayed until the proper approvals have been made. In Role-Based Services, rights assignments are made based on attributes of a user object and not by regular group membership. Both of these services pose a challenge to Identity Manager because it is not obvious from the attributes of an object whether an approval has been granted or the user matches a role.

Entitlements standardize a method of recording this information on objects in the Identity Vault. From the driver perspective, an entitlement grants or revokes the right to perform a task in PUM. You can use entitlements to control PUM UserGroup membership. The driver is unaware of the User Application. It depends on the User Application server or the Entitlements driver to grant or revoke the entitlement for a user based upon its own rules.

UserGroup: This entitlement grants or denies membership to a UserGroup in Privileged User Manager. When the entitlement is revoked, Identity Manager removes the user membership from the UserGroup.

If an administrator assigns a resource to a user in the User Application or in iManager, that change is reflected on the PUM server.

The NOVLPUMENT_2.0.0.xxxxxx.jar package contains the Entitlement contents for PUM.

For more information about entitlements, see the Identity Manager 4.0.2 Entitlements Guide.

1.3.4 Password Synchronization Support

The PUM driver supports password synchronization on the Subscriber channel only. Passwords are not synchronized on the Publisher channel. You can send passwords from the Identity Vault to the connected PUM server.

Password synchronization is used to synchronize passwords of the DirXML-PUMCredential objects from the Identity Vault to the target PUM server. When these account objects are created in the Identity Vault (eDirectory), passwords are synchronized to the target PUM servers through the Subscriber channel.

1.3.5 Data Synchronization Support

The PUM driver synchronizes Privileged Account Domains and Credentials objects from the Identity Vault to the PUM server.