Automation and control of identity management
Many organizations require high-quality information in their user stores. User objects are most likely to exist in several user stores, both local and cloud-based. PhenixID Provisioning module provides an easily configured tool to automatically handle creation, change and deletion of user object in different user stores.
The software brings efficiency when creating user objects in multiple user stores, and also security and cost reduction when inactivating objects. Support for all databases and LDAP directories is supported as well as reading from text-files and via web services.
Identity Provisioning is a service that can leverage corporate rules and policies regarding the handling of electronic identity and information.
The architecture consists of a server engine and components such as Policies, Data Sources, Actions and Schedules.
There is also an internal database, which is used to store configuration information and to handle transaction lines and time stamps.
A policy has multiple functions and is the component that holds the logical concept by which policies are constructed:
• Data source connection and configuration to use for obtaining information.
• A schedule is set to start and execute the desired process.
• Actions are defined in the policy and the order, in which these actions shall be executed, is set.
Data can be synchronized to one data source or distributed to multiple data repositories simultaneously.
The obtained information can be modified by the Actions configured in the policy.
Input — Adds data from one or more Data Sources to the objects virtual image by creating new session objects or attributes.
Process — Updates existing session objects and their attributes.
Output — Saves data from existing session objects and their attributes by writing to one or more data repositories or export to a supported file format.
Connectors are supported for the following data sources and file formats:
• LDAP directory. Searches of the LDAP directory is performed by using the LDAP search filter syntax in RFC 2254.
• ODBC or JDBC database connection. SQL databases using SQL commands and syntax
• Imported LDIF or comma-separated files
• Web/REST services interface
There are three types of Schedulers.
Manual — Manual Policies can only be executed in the administrative user interface or triggered by an Action configured in the administrative user interface.
Scheduled — Scheduled Policies are configured in the administrative user interface to be executed at a specified time or interval.
Persistent Search — Persistent Search Policies can be configured for an LDAP directory that supports Persistent Search or an Active Directory with DirSync control. Policies of this type start a separate thread that listens to the directory. When the thread notifies the Policy of specified events, the Policy automatically executes it configured actions.
The service includes an API that lets you develop custom Actions as needed in case the enclosed actions not are sufficient.