The Option Pack is a separate add-on component that you can install with Identity Manager. The Option Pack enriches Identity Manager by offering the following enhancements:
Provides account management that controls the allocation, termination, and modification of endpoint account attributes, such as Active Directory groups, RACF groups, SAP roles, or SQL database access. The Option Pack can manage any endpoint, including dynamic endpoints generated by Connector Xpress.
Provides added flexibility, account management, and ease of configuration to Identity Manager's current workflow capabilities. Enhanced workflow supports fine-grained association of workflow processes and approvers to an attribute or an attribute's value. Also, the following functionality is added:
Provides the ability to, at the attribute-level, delegate each approval task to a different person, delegate each approval task to a different user, and define start and end dates for each delegated task.
Provides the ability to perform time-based activities at all levels, including the attribute level. This feature allows a user to configure time-based task activation, define complex activation conditions, activate a task for a specific user population, and scheduled mass updates for users with a specific profile. For example, all employees working for Sales in New York need access to a new database. Rather than performing the same action multiple times for each sales person, a Identity Manager administrator can perform all these identical tasks with one step, and in a time-based way.
Ensures and validates that access entitlements that a user has in the user store are identical to the access entitlements the user has on endpoints. This is done at the account-level for orphan accounts, and at the attribute-level. Reverse Synchronization allows you to either accept a discrepancy, reject it, or send it to an approval workflow. Once a decision is made, the relevant attributes are forwarded to Identity Manager for provisioning or de-provisioning.
Provides the ability to create custom business logic (policies) quickly, without the need for custom code.
Provides historical audit information about any changes to a user's accounts. This audit information can be combined with Identity Manager's standard audit tables to create reports in the user's reporting tool.
Detects predefined SOD violations. Violations are captured at run time and sent for approval or rejection based on the user's configuration.