Identity Manager stores information about how to connect to a resource or system. Resources to which Identity Manager provides access include:
Digital resources, such as the following:
Mainframe security managers
Databases
Directory services (such as LDAP)
Applications
Operating systems
ERP systems (such as SAPTM)
Non-digital or external resources that are external to Identity Manager, such as the following:
Cell phones
Desktop computers
Laptop computers
Security badges
Each Identity Manager resource stores the following kinds of information:
Resource parameters
Identity Manager parameters
Account information (including account attributes and identity template)
There are two ways to assign resources to users. A resource can be assigned to a user directly (this is known as a individual or direct assignment), or a resource can be assigned to a role, which is then assigned to a user (this is a role-based or indirect assignment).
Individual assignment. Individual resources are assigned directly to user accounts.
Role-based assignment. One or more resources are assigned to a role (an Application, Asset, or IT Role). The Application, Asset, or IT Roles are then assigned to a Business Role. Finally, one or more Business Roles are assigned to a user account.
A related Identity Manager object, a resource group, can be assigned to user accounts in the same way resources are assigned. Resource groups correlate resources so that you can create accounts on resources in a specific order. Also, they simplify the process of assigning multiple resources to user accounts.
For more information about resource groups, see Resource Groups.