- Directory Integration
- Automated User Provisioning/De-provisioning
- Application Interfaces
A Typical Scenario
This example depicts a fictitious company using Microsoft Identity Lifecycle Manager (ILM) to automatically create Active Directory (AD) user accounts and Active Directory Application Mode (ADAM) attributes. The data that is used to create the AD accounts and ADAM attributes resides in an Oracle 9i employee database (employee records) and a SQL 2000 employee telephone number database.
In ILM terminology, there are three major areas of functionality. The first area is the Connected Data Sources (CD) and the Management Agents (MA), the second is the Connector Spaces (CS), and the third is the MetaVerse (MV). These areas are shown in the following diagram.
This is a stylized representation of how the Connector Spaces and the MetaVerse are connected for attribute flow. Each of the configured Management Agents has its separate Connector Space in ILM, as shown in the diagram. The Management Agents connect the Connected Data Source with its respective Connector Space. The MetaVerse is represented in the middle of the diagram.
In designing a viable ILM solution, two characteristics are critical. They are:
- Attribute ownership (what Connected Data Source maintains the valid company value for an attribute).
- Attribute mapping (how the attribute naming scheme in one Connected Data Source relates to all the other Connected Data Source attributes) for attribute data flows.
ILM Example
In the diagram above, attribute ownership is indicated by the particular color used for the Connected Data Source. For example, the employee records contained in the Oracle 9i database are shown in green. This means that the attributes listed in the Employee Records CS (green) came from the Oracle 9i employee records database, and that this Connected Data Source maintains the valid company value for these attributes, no matter which other Connected Data Source they also reside in.
The second characteristic, attribute mapping, is shown in the diagram by the lines with arrows, indicating how the values of the attributes flow from one Connected Data Source to the MetaVerse and then on to the other Connected Data Sources.
In this example, new employee records are entered into the Oracle 9i Employee Records database. At predetermined time intervals, the ILM Management Agent for Oracle 9i will query the database for new employee records. If the Management Agent finds new data, it will import the data into its respective Connector Space. From there the Management Agent will create the corresponding new objects in the MetaVerse.
In like manner, the Management Agent for the SQL 2000 database will query the database for new telephone records and import them into its Connector Space. The Management Agent will then look into the MetaVerse for matching objects related to the new telephone numbers. If matching objects are found (in the example the objects are people), the new telephone numbers will be added to the data.
Having joined all of the new data, ILM will then populate the Active Directory and Active Directory Application Mode Connector Spaces. From there the new Active Directory user accounts will be created, and Active Directory Application Mode attributes will be populated.
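The flow just described (import into a per-source Connector Space, project or join into the MetaVerse, then export to the AD and ADAM Connector Spaces) can be modelled in a few dozen lines. The following is an added example, not code from the original article and not ILM's own API: it is a toy simulation in plain Python with constructed sample data. The source names, attribute names and the account-naming convention in the AD export are assumptions made for illustration. It goes slightly beyond the text in two ways a practitioner cares about: a telephone record with no matching employee is left as a disconnector rather than creating an account, and a value the telephone source carries for an attribute it does not own (`sn`) is refused by the precedence table, so the Oracle 9i employee record remains authoritative.

```python
"""Toy model of ILM attribute flow: CS import -> MV join -> AD/ADAM export.

Constructed example, not ILM's API. Two connected data sources (an
employee-records table and a telephone table) are staged into per-source
connector spaces, joined in a metaverse on employee number, and exported to
an "AD" and an "ADAM" connector space. Attribute ownership is enforced by a
precedence table so a non-authoritative source cannot overwrite the owner's
value, and objects that fail to join are kept as disconnectors.
"""

# Constructed sample rows standing in for the Oracle 9i employee table.
EMPLOYEE_RECORDS = [
    {"empno": "1001", "givenName": "Ada", "sn": "Lovelace", "dept": "Eng", "status": "active"},
    {"empno": "1002", "givenName": "Alan", "sn": "Turing", "dept": "Research", "status": "active"},
]

# Constructed sample rows standing in for the SQL 2000 telephone table.
# 1001 carries a stale surname the phone directory is not authoritative for;
# 1003 has no employee record and must stay a disconnector (no account).
TELEPHONE_RECORDS = [
    {"empno": "1001", "sn": "Lovelace-Byron", "telephoneNumber": "+1 555 0100"},
    {"empno": "1003", "sn": "Nobody", "telephoneNumber": "+1 555 0199"},
]

# Attribute ownership: the connected data source authoritative for each MV attribute.
PRECEDENCE = {
    "givenName": "employee_records",
    "sn": "employee_records",
    "department": "employee_records",
    "employeeStatus": "employee_records",
    "telephoneNumber": "telephone",
}

# Attribute mapping: source attribute name -> metaverse attribute name, per source.
MAPPINGS = {
    "employee_records": {"givenName": "givenName", "sn": "sn",
                         "dept": "department", "status": "employeeStatus"},
    "telephone": {"sn": "sn", "telephoneNumber": "telephoneNumber"},
}


def import_to_cs(records):
    """Stage raw source rows into a connector space keyed by employee number."""
    return {row["empno"]: dict(row) for row in records}


def sync_to_mv(metaverse, source, cs, create_on_no_match):
    """Project or join each CS object into the metaverse.

    Only the authoritative employee_records source may project (create) MV
    objects; the telephone source may only join to an existing MV object.
    Attribute values flow only when `source` owns the target attribute.
    Returns the employee numbers left as disconnectors.
    """
    disconnectors = []
    for empno, obj in cs.items():
        mv_obj = metaverse.get(empno)
        if mv_obj is None:
            if not create_on_no_match:
                disconnectors.append(empno)
                continue
            mv_obj = metaverse[empno] = {"empno": empno}
        for src_attr, mv_attr in MAPPINGS[source].items():
            if src_attr in obj and PRECEDENCE[mv_attr] == source:
                mv_obj[mv_attr] = obj[src_attr]
    return disconnectors


def export_ad(metaverse):
    """Build AD user objects from joined MV objects (constructed naming rule)."""
    return {
        empno: {
            "sAMAccountName": (obj["givenName"][0] + obj["sn"]).lower(),
            "displayName": f"{obj['givenName']} {obj['sn']}",
            "telephoneNumber": obj.get("telephoneNumber"),
            "accountEnabled": obj["employeeStatus"] == "active",
        }
        for empno, obj in metaverse.items()
    }


def export_adam(metaverse):
    """Build ADAM application attributes from joined MV objects."""
    return {empno: {"department": obj["department"]} for empno, obj in metaverse.items()}


def run_cycle(employee_records, telephone_records):
    """One full import/sync/export run; returns every stage for inspection."""
    mv = {}
    emp_cs = import_to_cs(employee_records)
    tel_cs = import_to_cs(telephone_records)
    sync_to_mv(mv, "employee_records", emp_cs, create_on_no_match=True)
    tel_disconnectors = sync_to_mv(mv, "telephone", tel_cs, create_on_no_match=False)
    return {"mv": mv, "ad": export_ad(mv), "adam": export_adam(mv),
            "disconnectors": tel_disconnectors}


if __name__ == "__main__":
    result = run_cycle(EMPLOYEE_RECORDS, TELEPHONE_RECORDS)
    for empno, account in result["ad"].items():
        print(empno, account)
    print("telephone disconnectors:", result["disconnectors"])
```

The two checks worth carrying into a real deployment are the ones the model makes explicit: the join key is a stable identifier (employee number), not a name, and only the owning source can write an attribute. Without the precedence check, the stale surname in the telephone table would silently rename the AD account.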