Sun Java[tm] System Identity Manager Quick Start Guide
Chapter 1
Welcome
Sun Java System Identity Manager (Identity Manager) provides the tools and capabilities you need to securely automate user provisioning and synchronize identity data for your enterprise. Identity Manager enables you to manage identity profiles and permissions throughout the identity lifecycle, while reducing the costs and complexities typically associated with managing identity data.
This chapter provides a high-level overview of the Identity Manager product and the product installation process. The information is organized into the following sections:
Product Overview
Historically, providing new employees with access rights to corporate data and technology resources was a time-consuming, manual process. After providing initial access, administrators faced continuing challenges (such as forgotten passwords and changing user roles and business relationships). Now, administrators are also required to manage access rights for partners and customers outside of their enterprise. The costs and complexities of managing identity data can be overwhelming.
Identity Manager was developed specifically to help you manage these administrative challenges in a dynamic environment. You can use Identity Manager to distribute identity management overhead and facilitate a solution for your primary challenges: How do I define a user’s access rights? And once defined, how do I maintain flexibility and control?
A secure, yet flexible design lets you set up Identity Manager to accommodate the structure of your enterprise and answer these challenges. When you map Identity Manager objects to the entities you manage – users and resources – you significantly increase the efficiency of your operations.
Identity Manager’s key features:
- Virtual Identity Manager: Works with identity information where it natively resides. Speeds ROI (return on investment) by eliminating the need to create another repository of user data or duplicate/synchronize organizations from native directories.
- Agentless Adapters: Leverages remote management protocols to connect to managed resources. Ensures ROI and increases operational efficiency by making it easier to connect to resources. Also provides a single communication layer for provisioning and synchronization services to ensure lower overall TCO (total cost of ownership).
- ActiveSync: Detects permission- and/or profile-related changes on target systems and synchronizes them with the rest of the environment. Using automation to manage change increases operational efficiency and security.
- Dynamic workflow: Automates approval and notification tasks associated with the process of changing access permissions and changes in identity data. Automated tasks reduce support costs and increase operational efficiency.
- Rules Engine: Enforces business rules by automatically completing access privileges or profile data changes according to corporate policies. Increases operational efficiency and enhances security through automation.
- Auto Discovery: Automatically finds and links identity information from multiple resources including databases and directories into a unified Virtual Identity. Speeds ROI by streamlining rollout requirements for discovering user identity data.
- Smart Forms: Allows non-technical administrators to easily perform complex identity management operations. Increases operational efficiency and improves service to users.
- Directory Genesis: Automates migration of identity data from existing sources into a directory-based infrastructure. Manages legacy and directory environments during the migration period. Minimizes manual actions required to establish new directory services.
- Centralized Password Policy Management: Allows administrators to centrally define and enforce password policies. Enhances security with a central point for password policy enforcement.
- Help Desk Integration: Automatically opens and closes trouble tickets for automated password activity. Integrates with existing infrastructure to track cost savings and performance.
- Pass-through Authentication: Passes through credentials to existing authentication credential stores for password authentication. Increases operational efficiency by leveraging existing authentication infrastructure.
- SPML Toolkit: Allows third parties to SPML-enable their applications and management platforms. Offers an easy-to-use interface for configuring, issuing and interpreting standards-compliant provisioning requests across diverse identity infrastructures. Helps organizations extend secure user access privileges and profile information to dynamic user populations, particularly in Web services environments.
Installing Identity Manager
This section provides instructions for installing Sun Java System Identity Manager on an Apache Tomcat 5.0 application server with a MySQL 5.0 repository and index database.
Perform the following tasks to install Identity Manager:
- Evaluate your environment.
- Ensure you have administrator privileges on the resource to be managed.
- Install and set up prerequisite software.
- Install and configure Identity Manager software.
  Note: If you are using application servers with staging directories, be sure to keep the staging directory used for Identity Manager installation after deploying the product.
- Set up the Sun Identity Manager Gateway (optional).
- Set up PasswordSync (optional).
For some application server types and preferences, these general steps are combined, performed in a different order, or eliminated entirely.
After installing Identity Manager, you are ready to configure Identity Manager. Continue to Chapter 2, "Before You Begin."