Delegating Administration

To successfully distribute responsibility for user identity management, you need the right balance of flexibility and control. By granting select Identity Manager users administrator privileges and delegating administrative tasks, you reduce your overhead and increase efficiency by placing responsibility for identity management with those who know user needs best, such as a hiring manager. Users with these extended privileges are called Identity Manager administrators.

Delegation only works, however, within a secure model. To maintain an appropriate level of control, Identity Manager lets you assign different levels of capabilities to administrators. Capabilities authorize varying levels of access and actions within the system.

The Identity Manager workflow model also includes a method to ensure that certain actions require approval. Using workflow, Identity Manager administrators retain control over tasks and can track their progress. For detailed information about workflow, see Chapter 2, Workflow, in Sun Identity Manager Deployment Reference.