Context

Tool mentors explain how a tool can perform tasks, which are part of ITUP processes and activities. The tasks are listed as Related Elements in the Relationships section.

You can see the details of how processes and activities are supported by this tool mentor, by clicking the links next to the icons:

•   Identity and Access Management
  •   Create and Maintain Identity

Details

IBM® Tivoli® Identity Manager provides a secure, automated and policy-based user management solution that enables businesses to address the challenge to do more with fewer resources and to effectively and securely manage user identities throughout their lifecycle, across both legacy and e-business environments. IBM Tivoli Identity Manager has at its disposal the facilities to provide these security protection mechanisms using the use of provision, password and identity policies.

Through centralized control, IBM Tivoli Identity Manager empowers organizations with the ability to provide security protection mechanisms by dictating what accounts should exist and under what guidelines or policies. By defining a set of provisioning policies, IBM Tivoli Identity Manager, enforces entitlements based on role-based memberships. Modification of role memberships provides a quick and easy method to provision, de-provision or modify large numbers of identities across a wide variety of systems. In case of security breaches, quick protection may be applied through the de-commission or modification of targeted or wide groups of accounts. See Chapter 17: Provisioning Policies in the IBM Tivoli Identity Manager Policy and Organization Administrator Guide version 4.5.1.

Another security protection mechanism is implemented through the use of the system reconciliation feature. With this operation, the server can detect account creations, modifications, or deletions made on an endpoint machine and enforce changes if any non-compliances are found. Scheduled service reconciliations set mandatory account attributes and password complexity that may have fallen outside of compliance. If a system user, for example, somehow is granted group any membership that is outside of policy, upon service reconciliation, those attributes modified will be rectified on the end point. Additionally, non-compliant accounts may be decommissioned if so desired. See Chapter 32: Reconciliations in the IBM Tivoli Identity Manager Policy and Organization Administrator Guide version 4.5.1.

Within IBM Tivoli Identity Manager, security protection mechanisms are also enforced on account passwords through password polices. Utilizing an easy to understand web interface, IT Administrators can specify the length and complexity of new and existing account passwords. Complimentary, identity policies can be enforced on every identity being provisioned by ITIM. This provides yet another identity management security mechanism that provides valuable protection, as increasing the complexity of new accounts decreases the likelihood that organization user names will be easily guessed. See Chapter 25: Password and Logon Properties in the IBM Tivoli Identity Manager Policy and Organization Administrator Guide version 4.5.1.

Additionally, a unified top-down administration system allows for better understanding of implemented security. The user interface lends it self for quick inspection of non-compliance, as non-compliant accounts are graphically flagged. This helps IT personnel to visually understand their organization security state and make appropriate decisions quickly and effectively. In these respects, IBM Tivoli Identity Manager, becomes an educational tool and valuable environment-training guide.

Workflow mechanisms complete the protection mechanisms by providing an auditable identity lifecycle management tool. Complex rules and workflows may be designed to assure that required security business centric policy procedures are followed with every account provision. Workflow approvals, for example, regulate based on a variety of approvers, how account provisioning takes place. See Chapter 7 and 8: Workflow and Workflow JavaScript® Extensions in the IBM Tivoli Identity Manager Policy and Organization Administrator Guide version 4.5.1.

For More Information

For more information about this tool, click on the link for this tool at the top of this page.