User management

A user is an individual who uses Identity Manager to manage their accounts. A person who has an Identity Manager account is a resource user. Users need different degrees of access to resources for their work. Some users must use a specific application, while other users must administer the system that links users to the resources that their work requires.

Person profiles

A profile is a set of attributes that describe a person within the system, such as the user name and contact information.

The specific information contained in the profile is defined by the system administrator.

Attributes

An attribute is a characteristic that describes an entity, such as a user, an account, or an account type.

For example, a user is an entity. Some of the attributes that make up a user entity are full name, home address, aliases, and telephone number. These attributes are presented in the user personal profile. Attribute values can be modified, added, and deleted.

An attribute can be specified in an attribute field, as a filter, during a search for an account or user. Several attributes for accounts and account types can be customized by your system administrator.

Aliases

An alias is an identity name for a user. A user can have multiple aliases to map to the various user IDs that the user has for accounts.

A user can have several aliases; for example, GSmith, GWSmith, and SmithG.

Roles

Organizational roles are a method of providing users with entitlements to managed resources. These roles determine which resources are provisioned for a user or set of users who share similar responsibilities.

If users are assigned to an organizational role, the managed resources available to that role then become available to those users. Those resources must be properly assigned to that role.

A role might be a child role of another organizational role, which then becomes a parent role. The child role inherits the permissions of the parent role. In addition, a role might be a child role of another organizational role in a provisioning policy. The child role also inherits the permissions of provisioning policy.

Identity Manager groups

A group is a collection of Identity Manager users. Identity Manager users can belong to one or more groups. Groups are used to control user access to functions and data in Identity Manager.

Some users might belong to default groups that Identity Manager provides. Your site might also create additional, customized groups. Each group references a user category, which has a related set of default permissions and operations, and views that the user can access.

Groups grant specific access to certain applications or other functions. For example, one group might have members that work directly with data in an accounting application. Another group might have members that provide help desk assistance.