Overview

Novell^® Nsure^TM Identity Manager 2, formerly DirXML^®, is an award-winning data-sharing and synchronization solution that revolutionizes how you manage data. This service leverages your identity vault to synchronize, transform, and distribute information across applications, databases, and directories.

When data from one system changes, the DirXML engine detects and propagates these changes to other connected entities based on the business rules you define. This solution enables you to enforce authoritative data sources for any particular piece of data (for example, an HR application owns a user's ID, while a messaging system might own a user's e-mail account information).

Identity Manager lets an application (such as SAP*, PeopleSoft*, Lotus Notes*, Microsoft* Exchange, Active Directory*, and others) do the following:

Share data with the identity vault (Novell eDirectory^TM.)
Synchronize and transform shared data with the identity vault when it is modified in the application database.
Synchronize and transform shared data with the application database when the data is modified in the identity vault.

Identity Manager does this by providing a bidirectional framework that allows administrators to specify which data will flow from the identity vault to the application and from the application to the identity vault. The framework uses XML to provide data and event translation capabilities that convert identity vault data and events into the specified application-specific format. It also converts application-specific formats into a format that can be understood by the identity vault. All interactions with the application take place using the application's native API.

Identity Manager lets you select only the eDirectory attributes and classes that correspond to relevant application-specific records and fields. For example, an eDirectory database can choose to share User-type objects with a Human Resources database but not share network resource objects such as Servers, Printers, and Volumes. The Human Resources database can in turn share users' given names, surnames, initials, telephone numbers, and work locations with eDirectory but not share the users' family information and employment history.

If eDirectory doesn't have classes or attributes for data you want to share with other applications, you can extend the eDirectory schema to include them. In this case, eDirectory becomes a repository of information that eDirectory does not need, but which other applications can use. The application-specific database maintains the repository for the information that is required only by the application.

Identity Manager accomplishes the following tasks:

Uses events to capture changes in the identity vault.
Centralizes or distributes data management by acting as a hub to pull all the data together.
Exposes directory data in XML format, allowing it to be used and shared by XML applications or applications integrated through Identity Manager.
Controls the flow of data using specific filters that govern data elements defined in the system.
Enforces authoritative data sources by using permissions and filters.
Applies rules to directory data that is in an XML format. These rules govern the interpretation and transformation of the data as changes flow through Identity Manager.
Transforms the data from XML into virtually any data format. This provides Identity Manager the ability to share data with any application.
Carefully maintains associations between identity vault objects and objects within all other integrated systems, in order to ensure that data changes are appropriately reflected across all integrated systems.

With Identity Manager, your business can simplify HR processes, reduce data management costs, build customer relationships through highly customized service, and remove interoperability barriers that inhibit success. Below are several example activities that Identity Manager enables:

Activity	Identity Manager Solution
Manage User Accounts	With a single operation: Identity Manager grants or removes access for an employee to resources almost immediately. Identity Manager provides automated employee provisioning capability where a new employee has access to network, e-mail, applications, resources, and so forth. Identity Manager can also restrict or disable access upon termination or leave.
Track and Integrate Asset Inventory	Identity Manager can add profiles for all asset inventory items (computers, monitors, phones, library resources, chairs, desks, etc.) to eDirectory and integrate them with user profiles such as individuals, departments, or organizations.
Automate White/Yellow Page Directories	Identity Manager can create unified directories with varying levels of information for internal and external use. External directories might contain only e-mail addresses; internal directories might include location, phone, fax, cell, home address, etc.
Enhance User Profiles	Identity Manager augments user profiles by adding or synchronizing information such as e-mail address, phone number, home address, preferences, reporting relationships, hardware assets, phone, keys, inventory, and more.
Unify Communications Access	Identity Manager simplifies network, phone, pagers, Web, or wireless access for individual users or groups by synchronizing directories for each to a common management interface.
Strengthen Partner Relationships	Identity Manager strengthens partnerships by creating profiles (employee, customer, etc.) in partner systems outside the firewall to enable partners to provide immediate service as needed.
Improve Supply Chain	Identity Manager improves customer services by recognizing and consolidating instances of multiple accounts per customer.
Build Customer Loyalty	Identity Manager offers new services in response to recognizing customer needs as a result of viewing data together that was previously isolated in silos.
Customize Service	Identity Manager provides users (employees, customers, partners, etc.) with profiles complete with synchronized information, including relationships, status, and service records. These profiles can be used to provide varying levels of access to services and information, and offer real-time, customized services based on a customer's standing.