NetIQ Identity Manager
Initial release: July 24, 2000
4.5 SP4 / June 28, 2016
NetIQ Identity Manager (a.k.a. IDM) was formerly owned by Novell. IDM is NetIQ's implementation of identity management software. Previously known as DirXML, the product uses XML-based configuration files to determine the product's implemented functions. With out-of-the-box synchronization capabilities covering various directories, databases, phone systems, operating systems, and HR systems, IDM strives to ease the administrative efforts of large enterprises by preventing duplication of administrative effort. IDM 4.5 was released October 9, 2014.
IDM supports its own and a large number of third-party systems including the following: Novell eDirectory, Avaya, PeopleSoft, Oracle Database, SAP HR and User Management, Lotus Domino, Novell GroupWise, MySQL, any JDBC-compliant database, any LDAP-compliant directory, NIS, SIF, SOAP, REST, Microsoft Active Directory, Microsoft Sharepoint, Microsoft Office 365, Microsoft Azure, Ellucian Banner, Blackboard LMS, Google Apps, AS400, RACF, ACF2, Top Secret, Service Now, Salesforce.com, Oracle EBS Suite, RSA ACE Server, Remedy, and many others including various Unix and Linux user databases.
For those supported systems, drivers and configuration files have been pre-built and made ready for user customization. While a large number of systems are supported out of the box, other systems can be integrated through customized drivers and configurations.
Several of the drivers are API-level connectors and thus only a transport to a system; the business logic required to interpret what the data means is implemented on top of the out-of-the-box connector. Examples are the LDAP, SOAP, REST, and JDBC drivers.
The current release of Identity Manager also provides integration with NetIQ's Security Information and Event Management (SIEM) product, NetIQ Sentinel. Among other things, the integration lets Sentinel understand which of various users and roles are tied to a single person. This means that while a single person may have multiple usernames across various systems, they can all be tied back to one individual because IDM sends the relevant relationships to Sentinel.
The REST driver, which was released in July 2015, provides REST-enablement for identity provisioning and data synchronization with any application with RESTful services. This lets users configure and customize Identity Manager with many applications.
An additional tool is IDM Validator, a web-based testing tool that allows unit testing during development. End-to-end tests can be scheduled to run regularly, thus reporting on the overall health of the identity system.
Implementation and administration
There are a number of ways to develop, configure, or reconfigure an IDM implementation. Using NetIQ's own iManager has been an option since IDM 2. This option appeals to many administrators because it only requires a computer with a web browser and network access to perform all tasks associated with IDM. Because the configuration files are XML-based, they can be imported and exported from anywhere in the world or edited directly in iManager's pages.
A newer method of administration, and especially deployment, is available through a product known as Designer. A free companion to IDM, Designer is written in Eclipse and runs on either a Linux or Windows workstation. Because it is a fat client, it does not need to be connected to any network to make changes to drivers, though it does need to deploy changes for them to take effect. Designer is made to speed up the process of deploying new drivers and modifying and testing existing drivers by removing the multiple-click requirement that comes with any web interface and by offering quicker access to driver configuration settings. As of Designer 3.0, Designer also provides Subversion-based version control. This simplifies development of an IDM implementation in a team environment and provides access to a history of changes made to IDM objects.
Along with changing and deploying entire environments, Designer offers the added benefit of real-time testing of drivers before they are placed in production. An operation document can be fed into Designer and run through the driver's configuration and policies to see what will come out after the processing takes place. It is this output that would be used to make changes on either the eDirectory or application system. Because the test operation document is XML, just like the IDM configurations, the document can be easily viewed in a text editor or web browser before and after the simulation operation.