Skip to content

Lifecycle Manager Components

Lifecycle Manager is a part of your IdentityIQ solution that adds tools, work items and reports related to Lifecycle Manager core functionality.

New User Registration – a self-service feature that enables new users to request initial access to IdentityIQ. When access is granted, a new identity cube is created for the user.

Quicklink Cards – convenient links to request and track user access from your Home page.

  • How to Manage Access

  • How to Manage Identities

How to Manage Access

Lifecycle Manager adds Manage Access links to Home page. Use the links to perform the following functions:

Note

IdentityIQ System Administrators can make any request regardless of the Lifecycle Manager Configuration settings.

  • Managing User Access

  • Requesting Access

  • Request Violations

  • Manage Accounts

  • Account Passwords

  • Track My Requests

Requests are processed based on the business process defined when IdentityIQ is configured for your organization. If approval is not required, the roles are added or removed from the entitlements list and are available after the associated access is granted on the required applications. If approval is required, the request must first pass the approval process before being assigned.

Requests can be processed:

  • Manually

  • Through a work item

  • By generating a help ticket, if your implementation is configured to work with a help desk solution

  • Automatically through a provisioning provider

How to Manage Identities

Based on the IdentityIQ configuration, the following options can be available from the Manage Identity Quicklinks menu:

  • Create Identity

  • Edit Identity

  • View Identity

After choosing either Edit Identity or View Identity, you can browse and select a specific identity to manage, then use the Identity Details Menu to access your options.

Create Identity

To create new Identity Cubes in IdentityIQ, use the Create Identity page. This page can be accessed from the Quicklinks menu, under the Manage Identity option.

The data fields in this page are determined by the Create Identity provisioning policy that is defined in the Lifecycle Manager configuration. You can. view or edit this provisioning policy by navigating to gear icon > Lifecycle Manager > Identity Provisioning Policies. If a provisioning policy has not been defined, the fields default to what is defined in the Identity Configuration Object, which can be viewed or edited in the Debug pages.

Click Submit after all selections are completed.

Upon submission, the approval of newly created identities follows the specific business process configured in Lifecycle Manager. See Business Processes Tab.

Edit Identity

Use the Edit Identity option to edit attributes of an identity in IdentityIQ. This page can be accessed from the Quicklinks menu, under the Manage Identity option. The set of identities you can view depends on your user rights in IdentityIQ.

  • Those with no one reporting to them are only able to edit their own identity information

  • Those with others reporting to them may edit identity information for themselves and those who report to or through them

  • Admins are able to edit identity information for all identities in the organization

Use the search feature to limit the number of identities displayed. Select the Manage button on an available Identity tile to display the Edit Identity Attributes page.

Once an Identity is selected to manage, the Identity Details page displays. The data fields in this page are determined by the Create Identity provisioning policy that is defined in the Lifecycle Manager configuration. You can view or edit this provisioning policy by navigating to gear icon > Lifecycle Manager > Identity Provisioning Policies. If a provisioning policy has not been defined, the fields default to what is defined in the Identity Configuration Object, which can be viewed or edited in the Debug pages.

Click Submit after all selections are completed to display the Set Dates, Finalize and Submit page. Upon submission, the approval of edited identities follows the specific business process configured in Lifecycle Manager. See Business Processes Tab.

Use the Identity Details Menu on the left to view or update different elements of information about the identity.

View Identity

Use the View Identity option to view detailed information about an identity. This page can be accessed from the Quicklinks menu, under the Manage Identity option.

The set of identities you can view depends on your user rights in IdentityIQ.

  • Those with no one reporting to them are only able to view their own identity information.

  • Those with others reporting to them may view identity information for themselves and those who report to or through them.

  • Admins are able to view identity information for all users in the organization.

If you have the ability to view multiple identities, select Manage on the identity you want to view to open the Identity Details page, then use the Identity Details Menu on the left to view different elements of information about the identity.

Identity Details Menu

Based on the IdentityIQ configuration and your role, the following options may be available as left navigation options for identities being viewed or edited:

  • Edit– edit identity details.

  • Forward– assign an identity to whom all work items assigned to the current identity will be forwarded and define a start and end date for forwarding.

  • Attributes– view the basic user identity information from Identity Mapping such as user name, first name, last name, and email.

  • Access– view all roles and entitlements associated with the identity. By default, the identity's direct access is shown. You can select the Effective Access button at the top right to see the identity's effective access. Effective Access is any indirect access that is granted through another object, such as group membership, another role, or an unstructured target.

  • Accounts– view account information for all of the applications to which the identity has some level of access.

  • Account Passwords– manage account passwords for one or more applications.

  • System Password– change the IdentityIQ system password for the identity.

Manage Accounts

Note

The status for the accounts listed on the Manage Accounts page are refreshed automatically based on the conditions set during configuration.

You can use the Manage Accounts link to take action on any of the accounts assigned to a user. Based on how you system is configured, you can:

  • View account information

  • Delete and account

  • Disable/Enable an account

  • Refresh account status

  • Request an account

Manage Accounts Page

The Manage Accounts page displays the user's cards that you can manage. From this page, you can:

  • Search for a user – enter a letter or combination of letters and click the Search icon.

  • Manage a user's accounts – select a user's card and click Manage.

The Accounts section lists information about accounts associated with the selected user. Information can include:

Account Selection Options:

Application
The application specific to the Account ID.
Account ID
Name of the account.
Status
The current status of the account.
Application
The application specific to the Account ID.
Last Refresh
The date the account information in IdentityIQ was last updated.
Last Action Status
The status of the last provisioning operation performed though IdentityIQ. This state is not updated by actions performed outside of IdentityIQ, so might not reflect the current state of the account.

The available actions are represented by icons defined in the legend on the page. Click an icon to perform the specified action.

Note

If the application does not support the action, the icon is not visible. These options are only available if configured by an administrator.

  • Click the Refresh icon to refresh the account status.

  • Click the Information icon to view information about the account.

  • Click the Actions Menu icon to perform available actions.

  • To request a new account for an application, click Request Account and select the application from the Application dropdown list.

Account Password Tasks

Based on how your system is configured, the following account password tasks may be available:

  • Change passwords for individual applications – see Changing Account Passwords Manually (Link)

  • Use Generate to manage individual passwords or a group of passwords – see Generating Account Passwords Automatically (Link)

  • Use Sync to set up a single password for multiple applications – see Synchronizing Passwords Across Accounts (Link)

Track My Requests

To track the progress of access requests you created, click Manage Access > Track My Access Requests, use the Track My Access Requests link on your Home page, or My Work > Access Requests to display the Access Request page.

Click on a item in the list to display detailed information about the requested items and any pending actions that still need to be taken on that request.

From the detailed history panel you can navigate further into the request to expand the details view, review the actual access request, and send messages to owners of the request reminding them that their action is required.

Click the X icon to cancel a request.

Access Request Options

Access Request ID
Identification number assigned to the access request.
Priority
Specifies the priority level to which the access request was designated.
Type
The type of access request.
Description
The a brief description of the access request.
Requester
The name of the user who assigned this work item to you.
Requestee
The name of the user to who was assigned this access request.
Request Date
The date the request was made.
Current Step
The process step that is currently pending.
Completion Status
Status of the request. Status levels include:
Pending – request was received but no action has taken place.
Approved – request was approved. Additional action may be needed to complete the request.
Rejected – request was denied.
Completed – all actions required for this access request have been fulfilled.
Cancelled – request was cancelled.
Completed Pending Verification – the manual action for this request was completed, however the verification procedure has yet to have been run.
Completion Date
The date when the work item was completed.
Execution Status
Status of the request execution. Status levels include:
Executing – the request is going through the business process and has not completed.
Verifying – the request has finished the business process and is waiting for the Provisioning Scanner to verify it.
Terminated – the request was terminated before it was completed.
Completed – the request was completed and verified.

Track Request Details

To view detailed information about the requested items and any pending actions that still need to be taken on that request, click the Track Request Details option under the Actions (three-line) menu. This option is not available for some types of approvals, such as batch requests and native changes.