Option Pack › Introduction › Benefits of the Option Pack

Benefits of the Option Pack

The Option Pack is a separate add-on component that you can install with Identity Manager. The Option Pack enriches Identity Manager by offering the following enhancements:

• Fine-Grained Account Management

  Provides account management that controls the allocation, termination, and modification of endpoint account attributes, such as Active Directory groups, RACF groups, SAP roles, or SQL database access. The Option Pack can manage any endpoint, including dynamic endpoints generated by Connector Xpress.

• Fine-Grained Workflow

  Provides added flexibility, account management, and ease of configuration to Identity Manager's current workflow capabilities. Enhanced workflow supports fine-grained association of workflow processes and approvers to an attribute or an attribute's value. Also, the following functionality is added:

  • Dynamic resolution of approvers according to the approver's profile
  • Approval consolidation per approver
  • Partial approval and provisioning
  • Multi-valued attribute approval
  • Group approval in one step
  • Sequential and parallel approvers at the attribute-value level.
• Fine-Grained Out of Office Delegation

  Provides the ability to, at the attribute-level, delegate each approval task to a different person, delegate each approval task to a different user, and define start and end dates for each delegated task.

• Scheduled Tasks

  Provides the ability to perform time-based activities at all levels, including the attribute level. This feature allows a user to configure time-based task activation, define complex activation conditions, activate a task for a specific user population, and scheduled mass updates for users with a specific profile. For example, all employees working for Sales in New York need access to a new database. Rather than performing the same action multiple times for each sales person, a Identity Manager administrator can perform all these identical tasks with one step, and in a time-based way.

• Reverse Synchronization

  Ensures and validates that access entitlements that a user has in the user store are identical to the access entitlements the user has on endpoints. This is done at the account-level for orphan accounts, and at the attribute-level. Reverse Synchronization allows you to either accept a discrepancy, reject it, or send it to an approval workflow. Once a decision is made, the relevant attributes are forwarded to Identity Manager for provisioning or de-provisioning.

• Policy Xpress

  Provides the ability to create custom business logic (policies) quickly, without the need for custom code.

• Fine-Grained Account Auditing

  Provides historical audit information about any changes to a user's accounts. This audit information can be combined with Identity Manager's standard audit tables to create reports in the user's reporting tool.

• Fine-Grained Preventive Segregation of Duties (SOD)

  Detects predefined SOD violations. Violations are captured at run time and sent for approval or rejection based on the user's configuration.