Chapter 2
Getting Started with Identity Manager
Read this chapter to learn about the Identity Manager graphical interfaces and how you can quickly begin using Identity Manager. Topics covered include:
Identity Manager Interfaces
The Identity Manager system includes three primary graphical interfaces through which users perform tasks:
- Administrator interface
- User interface
- Identity Manager IDE
Identity Manager Administrator Interface
The Identity Manager Administrator interface serves as the primary administrative view of the product. Through this interface, Identity Manager administrators manage users, set up and assign resources, define rights and access levels, and audit compliance in the Identity Manager system.
Interface organization is represented by the following elements:
- Navigation bar tabs — Located at the top of each interface page, these tabs let you navigate major functional areas.
- Subtabs or menus — Depending on your specific implementation, you may see secondary tabs or menus below each navigation bar tab. These subtab or menu selections let you access tasks within a functional area.
In some areas, such as Accounts, tabbed forms divide longer forms into one or more pages, enabling you to navigate them more easily. This is illustrated in Figure 2-1.
Figure 2-1 Identity Manager Administrator Interface
Identity Manager User Interface
The Identity Manager User interface presents a limited view of the Identity Manager system. This view is specifically tailored to users without administrative capabilities.
When a user logs in to the Identity Manager User interface, any pending work items and delegations for the user are displayed on the Home tab, as illustrated in the following figure:
Figure 2-2 User Interface (Home Tab):
The Home tab provides quick access to any pending items. Click an item in the list to respond to a work item request or perform other available actions. After the action has been completed, click Return to Main Menu to go back to the Home page.
A user can perform various activities from the User interface, such as changing their password, performing self-provisioning tasks, and managing work items and delegations.
The following options are available to a user from the User interface:
Work items can include approvals, attestations, or other requested action items generated by Identity Manager.
- Requests — Submit requests for updates to user account resource assignments, role assignments, and resource group membership.
  These requests can be performed for the user or their employees.
  Use the View subtab on the Requests tab to view the process status details for requests.
- Delegations — View current delegations or specify a delegation.
- Profile — Change your user password or account attributes or perform other self-provisioning tasks using the following subtabs:
  - Change Password — Select this option to change your password on a selected resource or all resources.
  - Account Attributes — Select this option to change user-editable attributes, such as your account email address. (This is the email address that Identity Manager uses to send out notifications about your account.)
  - Authentication Questions — Select this option to change your answers to authentication questions for your user account.
  - Access Privileges — Select this option to view the resource assignments (direct or indirect) for this account.
Customizing the User Interface
The User interface is often customized to present a unique, company-specific view and offer custom selections.
If preferred, the navigation in the User interface can be changed from a horizontal-tab view (default) to a vertical tree view. To configure the vertical navigation view, set the following configuration object:
ui.web.user.menuLayout = 'vertical'
For detailed information about customizing and branding the User interface, read Identity Manager Technical Deployment Overview.
Identity Manager IDE
The Sun Identity Manager Integrated Development Environment (IDE) provides a graphical view of Identity Manager forms, rules, and workflows. Using the IDE, you create and edit forms that establish the features available on each Identity Manager page. You can also modify Identity Manager workflows, which define the sequence of actions followed or tasks performed when working with Identity Manager user accounts. Additionally, you can modify rules defined in Identity Manager that determine workflow behaviors. The following figure shows the IDE interface.
Figure 2-3 Sun Identity Manager IDE interface
For more information about the IDE and using it to work with Identity Manager forms and workflows, see Identity Manager Workflows, Forms, and Views.
You can also use the Business Process Editor (BPE) to make customizations, if you have it installed with earlier versions of Identity Manager.
Help and Guidance
To successfully complete some tasks, you might need to consult Help and Identity Manager guidance (field-level information and instructions). Help and guidance are available from the Identity Manager Administrator and User interfaces.
Identity Manager Help
For task-related help and information, click the Help button, which is located at the top of each Administrator and User interface page, as depicted in Figure 2-4.
Figure 2-4 Help button in the Identity Manager interface
At the bottom of each Help window is a Contents link that guides you to other Help topics and the Identity Manager terms glossary.
Finding Information
Use the search feature in the Help window to locate topics and information included in Identity Manager Help and documentation. To search the online documentation, use the following procedure:
- Enter one or more terms in the search area.
- Select to search one of two documentation types. By default, the feature searches online help.
  - Online Help — In general, online information provides steps to help you perform a task or complete a form.
  - Documentation (Guides) — Identity Manager Guides primarily offer information to help you understand concepts and system objects, as well as complete reference information.
- Click Search.
The search returns linked search results. Use the Previous/Next or First/Last buttons to page through the listed results, as demonstrated in Figure 2-5.
Figure 2-5 Search Results Navigation
Clicking Reset clears the contents of the Help window.
Search Behavior
If you search for more than one word, the search feature returns results that include each word, both words, and variants.
For example, if you enter the following search term:
resource adapter
then the returned results will include matches to the following words:
- resource (and variants)
- adapter (and variants)
- resource and adapter (in any order), with 0 to n intervening words
However, if you include search terms in quotations (for example, “resource adapter”), then the search feature returns only exact matches to that phrase.
Alternatively, you can use advanced query syntax to specifically include, exclude, or order query elements.
Advanced Query Syntax
The Search feature supports advanced query syntax, including:
- Wildcard characters (? and *), which allow you to specify spelling patterns rather than complete words or phrases
- Query operators (AND or OR), which let you determine how to combine query elements
See Appendix B, "Advanced Search for Online Documentation" in this guide for more information about Identity Manager’s advanced documentation search features.
Figure 2-6 Identity Manager Help
Identity Manager Guidance
Identity Manager guidance is brief, targeted help that appears next to many page fields. Its goal is to help you enter information or make selections as you move through a page to perform a task.
A symbol displays next to fields with guidance. Click the symbol to open a window and display its associated information.
Figure 2-7 Identity Manager Guidance
Identity Manager Tasks
The following tasks matrix provides a quick reference to commonly performed Identity Manager tasks. It shows the primary Identity Manager interface location where you will go to begin each task, as well as alternate locations or methods (if available) that you can use to perform the same task.
Table 2-1 Identity Manager Interface Task Reference

Managing Identity Manager Users

| To do this: | Go to: | Or: |
|---|---|---|
| Create and edit users | Accounts tab, List Accounts selection | Accounts tab, Find Users selection (User Account Search Results page) |
| Approve user account creation | Work Items tab, Approvals subtab | |
| Set up user authentication (policies) | Security tab, Policies selection | |
| Change user passwords | Passwords tab, Change User Password selection | Accounts tab, List Accounts selection; Accounts tab, Find Users selection (User Account Search Results page); Identity Manager User interface |
| Reset user passwords | Passwords tab, Reset User Password selection | Accounts tab, List Accounts selection; Accounts tab, Find Users selection (User Account Search Results page) |
| Find users | Accounts tab, Find Users selection | Passwords tab, Change User Password selection |
| Enable or disable users | Accounts tab, List Accounts selection | Accounts tab, Find Users selection (User Account Search Results page) |
| Unlock users | Accounts tab, List Accounts selection | Accounts tab, Find Users selection (User Account Search Results page) |

Managing Identity Manager Administrators

| To do this: | Go to: |
|---|---|
| Set up delegated administration (through organizations) | Accounts tab, List Accounts selection, Create User page |
| Assign capabilities | Accounts tab, List Accounts selection, Create or Edit User page Security subtab |
| Assign capabilities (through admin roles) | Accounts tab, List Accounts selection, Create or Edit User page Security subtab |
| Set up approvers (to validate account creation) | Accounts tab, List Accounts selection, Create Organization page; Roles tab, Create Roles page |

Configuring Identity Manager

| To do this: | Go to: |
|---|---|
| Create and manage resources (Resource Wizard) | Resources tab |
| Manage resource groups | Resource tab, List Resource Groups selection |
| Create and manage roles | Roles tab |
| Find roles | Roles tab, Find Roles selection |
| Edit capabilities | Security tab, Capabilities selection |
| Create and edit admin roles | Security tab, Admin Roles selection, Create/Edit Admin Role page |
| Set up email templates | Configure tab, Email Templates selection |
| Set up password, account, and naming policies; assign policies to organizations | Security tab, Policies selection |
| Configure Identity Attributes | Meta View tab, Identity Attributes selection |
| Configure Identity Events | Meta View tab, Identity Events selection |
| Configure ChangeLogs | Meta View tab, ChangeLogs selection |

Loading and Synchronizing Accounts and Data

| To do this: | Go to: |
|---|---|
| Import data files (such as XML-format forms) | Configure tab, Import Exchange File selection |
| Load resource accounts | Account tab, Load from Resource selection |
| Load accounts from file | Account tab, Load from File selection |
| Compare Identity Manager users with resource accounts | Resources tab, Reconcile with Resources selection |

Auditing, Risk Analysis, and Reporting

| To do this: | Go to: |
|---|---|
| Set up audit events to capture, and enable auditing | Configure tab, Audit selection |
| Run and manage reports | Reports tab, Run Reports selection to create, run, and download reports; View Reports to view report results. |
| Define and run risk analysis reports | Reports tab, Risk Analysis selection |
| View graphical reports | Reports tab, View Dashboards selection |

Managing Compliance

| To do this: | Go to: |
|---|---|
| Define audit policies | Compliance tab, Manage Policies selection |
| Assign audit policies | Accounts tab, Compliance selection |
| Manage compliance violations | My Work Items tab, Remediation selection |
| Set up Periodic Access Reviews | Compliance tab, Manage Access Scans selection |
| Monitor Periodic Access Reviews | Compliance tab, Access Review selection |
| View Audit reports | Reports tab, Auditor Report type selection |

Managing Identity Manager Tasks

| To do this: | Go to: |
|---|---|
| Run a defined task (or process) | Server Tasks tab, Run Tasks selection |
| Schedule a task | Server Tasks tab, Manage Schedule selection |
| View Task results | Server Tasks tab, Find Tasks or All Tasks selection |
| Suspend or terminate a task | Server Tasks tab, All Tasks selection |

Managing Service Provider Users

| To do this: | Go to: |
|---|---|
| Manage Service Provider Users | Accounts tab, Manage Service Provider Users selection |
| Manage Service Provider Transactions | Server Tasks tab, Service Provider Transactions selection |
| Configure Service Provider features | Service Provider tab, Edit Main Configuration selection |
| Configure Transaction defaults | Service Provider tab, Edit Transaction Configuration selection |
| Create or edit Service Provider policies | Security tab, Policies selection |

Where to Go from Here
After you become familiar with Identity Manager interfaces and the ways that you can find information, use the following reference to guide you to the topics you want to focus on:

| Chapter Topic | Description |
|---|---|
| Chapter 3, "User and Account Management" | Describes the Accounts area of the interface and provides procedures for managing user accounts. |
| Chapter 4, "Configuration" | Describes the configuration tasks and how to set up Identity Manager objects. |
| Chapter 5, "Administration" | Explains how to create and manage Identity Manager administrators and organizations. |
| Chapter 6, "Data Synchronization and Loading" | Provides a guide to the features and tools you can use to maintain current data in Identity Manager. |
| Chapter 7, "Reporting" | Describes the reports and how to generate them. |
| Chapter 8, "Task Templates" | Describes the Task Templates you can use to configure certain workflow behaviors. |
| Chapter 9, "PasswordSync" | Describes how to set up the PasswordSync utility to synchronize password changes in Windows Active Directory and Windows NT domains with Identity Manager. |
| Chapter 10, "Security" | Describes the security features and how to use them. |
| Chapter 11, "Identity Auditing" | Describes how to define audit policies and manage compliance. |
| Chapter 12, "Audit Logging" | Describes the audit logs and how the auditing system works. |
| Chapter 13, "Service Provider Administration" | Describes features for managing service provider users. |
| Appendix A, "lh Reference" | Describes commands available from the Identity Manager command line. |
| Appendix B, "Advanced Search for Online Documentation" | Instructions for using advanced queries in the online help to search the Identity Manager documentation. |
| Appendix C, "Audit Log Database Schema" | Audit data schema values for the supported database types and audit log database mappings. |
| Appendix D, "Active Sync Wizard" | Used to configure Active Synchronization for versions of Identity Manager prior to 7.0. |