Identity Management - Novell Identity Management
Quick and Easy User Provisioning
Make sure new employees have access to everything they need to get right down to work. Using Novell Identity Manager, you can provision new employees 95 percent faster, eliminating those tedious, labor-intensive manual procedures that usually accompany the hiring process. Best of all, everything is verifiable, so you can both enforce and prove compliance with all the security policies in place at your company.
Novell Identity Manager provides automated user provisioning throughout the user lifecycle—delivering first-day access to new users, and modifying or rescinding access as necessary across all systems. With Identity Manager you can control user administration costs, eliminate complex manual processes, and enforce security enterprise-wide—all while delivering the right resources so your users can do their jobs.
Novell Identity Manager automates complex provisioning processes so your users have immediate access to resources across the enterprise. With role-based provisioning you can assign resources to your users based on business roles and policies. New employees are granted access to all the resources they need on their first day on the job, and all necessary approval workflows are automated. Identity Manager also makes it easy for business managers and departments to manage their own users' access needs instead of having to rely on a network administrator. When roles change, access rights are updated automatically. And when an employee leaves, access is revoked in real time. With role-based provisioning, systems are never vulnerable, and companies can maintain visibility into how information and resources are being used.
Access Tuned to Changing Needs
Give them exactly what they need, when they need it. Throughout their careers in your organisation, an employee may play many roles. Novell Identity Manager lets you securely and automatically manage the access needs of all your users, even when they change roles and take on new responsibilities.
The Novell Identity Manager plug-ins for Novell iManager create a Role-Based Entitlements area that allows you to create and manage role-based entitlement policies. These policies entitle particular groups of users to memberships and accounts in various connected systems. For example, you might create a sales entitlement policy that entitles all users in your company's sales department to a membership, a Notes user account, and a Microsoft Active Directory account.
The Role-Based Entitlements feature in Identity Manager makes provisioning access rights and entitlements to memberships and accounts easier than ever for at least four reasons.
1) You can write rules that instruct Identity Manager which users to grant which entitlements—without having to deal with XML or XSLT.
2) You need write only one policy to grant several users entitlements to several connected systems.
3) Users come and users go but, despite this fact of corporate life, you won't necessarily need to touch your entitlement policies. Identity Manager provisions access and entitlements based on users' roles—not their names.
4) A wizard walks you through a simple six-step process for creating role-based entitlement policies.
Dynamic, Demonstrable Compliance
When you need to prove, track, automate, and verify your security policies, Novell Identity Manager is your best friend. You won't need to worry about Sarbanes-Oxley or other information disclosure legislation like it, because Identity Manager logs and tracks all user access for auditing purposes. This makes it much easier to track down breaches in security should they ever occur, and provides solid confirmation that only authorized users have access to sensitive information and systems.
Former employees are a common security risk for any enterprise, but Identity Manager eliminates this chronic concern. The moment an employee's status is changed to "dismissed" in the human resources database or any other authoritative source, resource access is automatically rescinded. Your confidential resources remain safe.
Of course, while only the right people should have access to your information, you must also be able to prove that this is so. An auditable identity-management solution is a critical component of any regulatory compliance plan. Fortunately, Identity Manager includes Novell Audit Starter Pack capabilities for centralised logging of all identity-management activities. Pre-configured reports include a list of all users with access to a particular system, and of all resources provided to any user. Novell Identity Manager can also issue alerts when inappropriate access is granted. You can act immediately to protect your company from costly security breaches and litigation.
Password Changes Made Easy
If your users have to call the helpdesk to change their passwords, you're going to love this. Nearly 30% of helpdesk calls are password related. Analysts estimate that each time someone calls the helpdesk, it costs anywhere from US $25 to US $50. Why not empower your users through password self-service? It keeps them from getting derailed from their work, reduces distractions, and makes everyone more efficient. Let them change their passwords and manage their identities in accordance with your business policy, and take your helpdesk out of that loop.
Normally, an employee who forgets his password must call the help desk for a password reset—eating up his own valuable time and driving up support costs. But with Novell Identity Manager you can synchronise a user's passwords to provide a single password to all systems. Users are more likely to remember a single password. Moreover, you can ensure that passwords your users set are secure: you can create and enforce strong, system-wide password policies to protect your company against password-related attacks.
When a user forgets his password, the User Application comes to the rescue. It allows him to remember, create, change and reset his own password without calling the helpdesk and taking up an IT administrator's time.
When the user visits the User Application he is given one of the following administrator-defined options:
- Password hint: The administrator decides whether the system delivers the hint immediately on the screen or by e-mail.
- Password reset with challenge and response: One or more challenge questions are displayed on screen. These can include questions originally created by the user, by the Identity Manager administrator, or a combination of both. When the user answers the questions correctly, he is permitted to change his own password. The new password is automatically checked for policy compliance, then updated and synchronised with all connected systems.
Complete Password Management
Password self-service is just one part of the overall password management solution provided by Identity Manager. Password management features fall into three categories:
- Password policy
- Password self-service
- Password synchronisation
With these features, you can enforce a consistent password policy across several heterogeneous systems and thus tighten your security belt. You also minimize the number of passwords that users need to remember, thereby strengthening the security of password authentication to your network. After all, with fewer passwords, users are less likely to void the password concept by writing down (and thus advertising) their secrets.
Easy to Design, Debug, and Deploy
Create and document your rules and policies with ease—without code knowledge. Designer for Novell Identity Manager is a powerful modeling tool that lets you play around with many different options as you create the identity policies and rules that will govern your network. With little code knowledge required, Designer uses graphics and drag-and-drop tools to make designing, debugging, and deploying your identity management solutions an intuitive (and even fun) process. Get a full view of Identity Manager in your enterprise, drill down to any level of detail, and get instant documentation of the policies and rules defined in Identity Manager whenever you need it.
With Designer, you can:
- Graphically model your implementation
- Re-use configurations to help reduce deployment time frames
- Create and test "what-if" scenarios before you deploy them to ensure proper policy definition
- Automatically generate project documentation of all implementation details
- Work offline to safely configure implementations outside of the production environment
- Maintain project version control
- Define and manage policies such as data transformation, placement and matching
- Use powerful modeling to create the big picture of identity management for your enterprise, with all Identity Manager components, end-systems, applications, and other visual elements. Divide the big picture into smaller connected pictures by organising the systems into groups. Pan, scan, and zoom. Model application subsystems, eDirectory to eDirectory, and multiple drivers connecting to one system, in a way never possible before.
With Designer, you can visually see and manipulate how data flows across the entire enterprise. Plus, once you've got it designed, you can document your solution with the push of a button—producing detailed tables, charts, and graphics of all of your systems. You can even document policies, schema, Identity Manager components, custom content, and project information, including a table of contents, appendix, and page numbering.
Out-of-the-box Connections to Your Business Apps
Keep the apps you already have—we'll just make them more secure. With the largest driver set in the universe, you can be sure that Identity Manager has drivers for all the business applications you currently have in place. No need to rip and replace anything.
Unify All Your Digital Identities
It's simple: One person, one identity. Novell Identity Manager unifies digital identities across all business systems in the enterprise so that when an identity is created or changed in the authoritative system, the new information is automatically propagated to all appropriate systems. This helps you stay in compliance with your company policies, preventing someone from being both a purchaser and an orderer, for example.
A central datastore called the Identity Vault is used to synchronise, transform, and distribute information across applications, databases, and directories. When data from one system changes, the metadirectory engine included in Identity Manager detects and propagates these changes to other connected systems based on the business rules you define. This solution enables you to enforce authoritative data sources for any particular piece of data (for example, an HR application owns a user's ID, while a messaging system might own a user's e-mail account information).
Novell Identity Manager lets a connected system (such as SAP, PeopleSoft, Lotus Notes, Microsoft Exchange, Active Directory, and others) do the following:
- Share data with the Identity Vault.
- Synchronise and transform shared data with the Identity Vault when it is modified in connected systems.
- Synchronise and transform shared data with connected systems when the data is modified in the Identity Vault.
Novell Identity Manager achieves this integration through a bidirectional framework that allows administrators to specify which data flows from the Identity Vault to the application and from the application to the Identity Vault.
Novell Identity Manager lets you select only the attributes and classes that correspond to relevant connected system-specific records and fields. For example, a directory datastore can choose to share user-type objects with a Human Resources datastore, but not share network resource objects such as servers, printers, and volumes. The Human Resources datastore can in turn share users' given names, surnames, initials, telephone numbers, and work locations, but not share the users' family information and employment history.
If the Identity Vault doesn't have classes or attributes for data you want to share with other applications, you can extend the Novell eDirectory™ schema to include them.