CA Identity Manager Implementation Guide - CA Technologies
CA Identity Manager Implementation Guide - CA Technologies
CA Identity Manager Implementation Guide - CA Technologies
- No tags were found...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Identity</strong> <strong>Manager</strong> ComponentsUser Store and Provisioning DirectoryTo provide options for managing users and automatic provisioning of additionalaccounts for those users, <strong>CA</strong> <strong>Identity</strong> <strong>Manager</strong> coordinates two user stores:■The <strong>Identity</strong> <strong>Manager</strong> user store, the user store maintained by <strong>CA</strong> <strong>Identity</strong><strong>Manager</strong>. Typically, this is an existing store that contains the user identitiesthat a company needs to manage.The user store can be an LDAP directory or a relational database.In the Management Console, you create an <strong>Identity</strong> <strong>Manager</strong> Directoryobject to connect to the user store and to describe the user store objects that<strong>CA</strong> <strong>Identity</strong> <strong>Manager</strong> will maintain.■The Provisioning Directory, the user store maintained by the ProvisioningServer.Separate User Store and Provisioning DirectoriesIt is an instance of <strong>CA</strong> Directory and includes global users, which associateusers in the Provisioning Directory with accounts on endpoints such asMicrosoft Exchange, Active Directory, and SAP.Only some <strong>CA</strong> <strong>Identity</strong> <strong>Manager</strong> users have a corresponding global user.When a <strong>CA</strong> <strong>Identity</strong> <strong>Manager</strong> user receives a provisioning role, theProvisioning Server creates a global user.The following figure shows a separate user store and Provisioning Directory. Inthis figure:■A <strong>CA</strong> <strong>Identity</strong> <strong>Manager</strong> administrator uses an admin task that edits a user inthe user store, which affects the Provisioning Directory.This change may also update an endpoint (such as an email server) whichhas a connector to the Provisioning Server.■A change made in the Provisioning Server (or an endpoint with a connectorto the Provisioning Server) updates the <strong>Identity</strong> <strong>Manager</strong> user store andProvisioning Directory.32 <strong>Implementation</strong> <strong>Guide</strong>