Identity Manager 3 - Configuring the Workflow Based Provisioning System

TUT273: Novell IDM 3 - Configuring the Workflow Based Provisioning System

This is part of the user application that runs as a J2EE war file on JBoss. It uses database tables to contain it’s data, and it supports the embedded MySQL database that comes with it, or SQL server or Oracle.

The user app includes search, list, org chart portlets, password self service, lightweight user admin, workfow, personalization and portal provisioning portlets. There is an eclipse plugin available on novell forge to manage this.

The main focus of the presentation was demonstrating a lot of the workflow features, but not a lot about setting up workflows. They described the functionalities of IDM3 workflow, including user requesting a provision, and then the whole approval process in the web application.

Then they went into iManager and went through the tasks of configuring a workflow. This is done using an IDM driver for the user application / workflow, that was very similar to any other IDM driver. It should be possible to use this in conjunction with a driver that can talk to SQL Server, to provide automatic provisioning of users from Deltek Vision, with approval and input from network administrators, and that kind of stuff. The iManager tools were very gui-ish and have the ability to let you set up groups for approval, so that anyone in the group can approve a given request for access, and you can setup additional data entry, like setting properties on the provisioning request in-process. You can make requests time-out, or escalate up the chain of command, or fancy stuff like that. It requires a lot of configuration of your actual identity store data, like manager heirarchy and stuff like that if you want it to work.

All in all, it looks like we could implement the hire/fire/cleanup of users with this much more easily than in a custom application.

We need to try it out in Engineering like Ed suggested.