Sun Identity Manager 8.1 Business Administrator's Guide


This guide describes how to use the SunTMIdentity Manager (Identity Manager) software to provide secure user access to your enterprise information systems and applications. It illustrates procedures and scenarios to help you perform regular and periodic administrative tasks with the Identity Manager system.

Who Should Use This Book

This Sun Identity Manager 8.1 Business Administrator's Guide guide is intended for use by administrators, software developers, and IT service providers who implement an integrated identity management and web access platform using Identity Manager servers and software.

An understanding of the following technologies will help you apply the information discussed in this book:

Before You Read This Book

Identity Manager is a component of Sun Java Enterprise System, a software infrastructure that supports enterprise applications distributed across a network or Internet environment. You should be familiar with the documentation provided with Sun Java Enterprise System, which can be accessed online at

Because Identity Manager Directory Server is used as the data store in an Identity Manager deployment, you should be familiar with the documentation provided with that product. Directory Server documentation can be accessed online at

How this Book is Organized

This guide is organized into the following chapters and appendices:

Chapter 1, Identity Manager Overview describes how Identity Manager and the different Identity Manager objects help you manage administrative challenges in your dynamic working environment.

Chapter 2, Getting Started with the Identity Manager User Interface describes how to use Identity Manager's graphical user interface.

Chapter 3, User and Account Management describes how to create and manager users by using the Administrator interface.

Chapter 5, Roles and Resources contains information to help you understand Identity Manager roles and resources.

Chapter 4, Configuring Business Administration Objects contains information and procedures to help you set up and maintain Identity Manager business administration objects, such as policies, email templates, audit groups and events, and more.

Chapter 6, Administration describes how to use the Administrator interface to perform different administrator-level tasks. In addition, this chapter contains information about using roles, administrative roles, and capabilities.

Chapter 7, Data Loading and Synchronization describes how to use Identity Manager's data loading and synchronization features to keep your data current.

Chapter 8, Reporting introduces Identity Manager report types and explains how to create and manager reports.

Chapter 9, Task Templates introduces Identity Manager task templates and how to use them to configure workflow behaviors.

Chapter 10, Audit Logging describes Identity Manager's auditing system.

Chapter 11, PasswordSync describes how to install, configure, and use the PasswordSync feature to detect and synchronize password changes.

Chapter 12, Security describes how you can use Identity Manager to manage system security.

Chapter 13, Identity Auditing: Basic Concepts introduces identity auditing concepts and audit controls.

Chapter 14, Auditing: Audit Policies describes how to create and manage audit policies by using the Audit Policy Wizard.

Chapter 15, Auditing: Monitoring Compliance describes how to perform audit reviews and manage compliance with federally mandated regulations.

Chapter 16, Data Exporter introduces the Data Exporter feature and explains how to use this feature to write information about users, roles, and other object types to an external data warehouse.

Chapter 17, Service Provider Administration describes how to configure and administer the Service Provider feature.

Appendix A, lh Reference explains how to use the Identity Manager command line interface.

Appendix B, Audit Log Database Schema contains information about audit data schema values for supported database types and audit log mappings.

Appendix C, User Interface Quick Reference provides a quick reference indicating how to accomplish commonly performed tasks in Identity Manager.

Appendix D, Capabilities Definitions provides a quick reference describing the task-based and functional capabilities you can assign to users

Related Books

Sun provides additional documentation and information to help you install, use, and configure Identity Manager. The Sun Identity Manager 8.1 library includes the following publications:

Primary Audience 



All Audiences 

Sun Identity Manager Overview

Provides an overview of Identity Manager features and functionality. Provides product architecture information and describes how Identity Manager integrates with other Sun products, such as Sun Open SSO Enterprise and Role Manager. 

Sun Identity Manager 8.1 Release Notes

Describes known issues, fixed issues, and late-breaking information not already provided in the Identity Manager documentation set. 

System Administrators 

Sun Identity Manager 8.1 Installation

Describes how to install Identity Manager and optional components such as the Sun Identity Manager Gateway and PasswordSync. 

Sun Identity Manager 8.1 Upgrade

Provides instructions on how to upgrade from an older version of Identity Manager to a newer version.  

Sun Identity Manager 8.1 System Administrator’s Guide

Contains information and instructions to help system administrators manage, tune, and troubleshoot their Identity Manager installation. 

Business Administrators 

Sun Identity Manager 8.1 Business Administrator’s Guide

Describes how to use Identity Manager's provisioning and auditing features. Contains information on the user interfaces, user and account management, reporting, and more. 

System Integrators 

Sun Identity Manager Deployment Guide

Describes how to deploy Identity Manager in complex IT environments. Topics covered include working with identity attributes, data loading and synchronization, configuring user actions, applying custom branding, and so on. 

Sun Identity Manager Deployment Reference

Contains information on workflows, forms, views, and rules, as well as the XPRESS language.  

Sun Identity Manager 8.1 Resources Reference

Provides information about installing, configuring, and using resource adapters. 

Sun Identity Manager Service Provider 8.1 Deployment

Describes how to deploy Sun Identity Manager Service Provider, and how views, forms, and resources differ from the standard Identity Managerproduct.  

Sun Identity Manager 8.1 Web Services

Describes how to configure SPML support, which SPML features are supported (and why), and how to extend support in the field. 

In addition, the web site enables you to access Sun technical documentation online. You can browse the archive or search for a specific book title or subject.

Documentation Updates

Corrections and updates to this and other Identity Manager publications are posted to the Identity Manager Documentation Updates website:

An RSS feed reader can be used to periodically check the website and notify you when updates are available. To subscribe, download a feed reader and click a link under Feeds on the right side of the page. Starting with version 8.0, separate feeds are available for each major release.

Related Third-Party Web Site References

Third-party URLs are referenced in this document and provide additional, related information.

Note –

Sun is not responsible for the availability of third-party web sites mentioned in this document. Sun does not endorse and is not responsible or liable for any content, advertising, products, or other materials that are available on or through such sites or resources. Sun will not be responsible or liable for any actual or alleged damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods, or services that are available on or through such sites or resources.

Documentation, Support, and Training

The Sun web site provides information about the following additional resources:

Sun Welcomes Your Comments

Sun is interested in improving its documentation and welcomes your comments and suggestions. To share your comments, go to and click Feedback.

Typographic Conventions

The following table describes the typographic conventions that are used in this book.

Table P–1 Typographic Conventions





The names of commands, files, and directories, and onscreen computer output 

Edit your .login file.

Use ls -a to list all files.

machine_name% you have mail.


What you type, contrasted with onscreen computer output 

machine_name% su



Placeholder: replace with a real name or value 

The command to remove a file is rm filename.


Book titles, new terms, and terms to be emphasized 

Read Chapter 6 in the User's Guide.

A cache is a copy that is stored locally.

Do not save the file.

Note: Some emphasized items appear bold online.

Shell Prompts in Command Examples

The following table shows the default UNIX® system prompt and superuser prompt for the C shell, Bourne shell, and Korn shell.

Table P–2 Shell Prompts



C shell 


C shell for superuser 


Bourne shell and Korn shell 


Bourne shell and Korn shell for superuser