Overview

Identity management comprises the integration of source systems as well as target systems. Setting up such an integration can take considerable effort and time.

Many customers have external service management systems in place (for example, ticket systems like Remedy or HP OpenView) through which a group of administrators handles all administration tasks by hand.

A common strategy to speed up the integration of an identity system is:

  • Integrate only the most important target systems tightly through automatic provisioning. Typical candidates are Active Directory, IBM Notes and SAP ECC UM.

  • Integrate the existing ticket system as a source system for DirX Identity and process these tickets automatically.

  • Use DirX Identity's manual provisioning feature to integrate all or many of the existing target systems.

This approach is much faster and brings more benefit to customers than trying to integrate all source and target systems tightly.

Additionally, time-related processes require an internal service management component in the identity management system itself. For example, the move of a user from one organizational unit to another or from one location to another is well-defined and happens at a specific due date. The identity system must be able to 'buffer' change requests for some time as orders or tickets.

This document explains the typical use cases and their application in customer environments.

Note that we do not repeat information that is available in other parts of the DirX Identity documentation. Instead, we reference it.

Use Cases

The following figure shows all relevant use cases regarding service management or ticket systems.

Figure: Service management use cases

Service Management as a Source

If a customer has a ticket system already in place that is used for any type of request, it makes sense to reuse that system as a source for orders. Use a specific subset of tickets to trigger specific identity management actions. Examples of such tickets are user creation or modification requests or requests for privileges.

Internal Ticket Processing

Most actions in an identity management system are expected to happen immediately, in real time, but there are situations where a change is requested for a specific time in the future. Consider the move of a person from one organizational unit or location to another.

In the first case, the organization data, such as the department number and related data, changes on the date the move happens. In the second case, the location data, such as country, city, room number and other related data, changes.

This information is stored in the format of DirX Identity’s internal tickets and processed at the right time.

Service Management as a Target

At the backend, customers typically have many connected systems that have to be managed. Some of them can be connected with automatic provisioning, but this only makes sense if the number of users (accounts) in these systems exceeds 1000 and the frequency of change is high.

Typically, the customer has a number of administrators or administrator groups in place that manually manage systems with only a few users or a low change frequency.

If the customer has a ticket system in place that is already used for manual provisioning of these connected systems, use automatic provisioning via tickets. Local administrators work on these tickets from the ticketing system and confirm the tasks.

Note: Currently, DirX Identity has no default connectors to commonly used ticket systems (Remedy, HP OpenView). Thus, you need to implement a custom connector within your customer project.

Manual Provisioning of Offline Systems

If the customer has no ticket system in place, you can use the manual provisioning approach via DirX Identity request workflows. In this case, the provisioning workflows for synchronization create a request workflow for each event. The administrators of the target systems receive these add, modify and delete requests, perform them manually and confirm the task. This sets the corresponding states in the target system objects (accounts, groups and memberships).