Services administration

A service represents a user repository for a resource, such as an operating system, a database application, or another application that ISIM manages. For example, a managed resource might be a WebSphere Application Server application, and a service can be defined for a Lotus Notes User Repository. Services are created from service types, which represent a set of managed resources sharing similar attributes. For example, there is a default service type that represents Linux systems. These service types are installed by default when IBM Security Identity Manager is installed. Service types are also installed when we import the service definition files for the adapters for those managed resources. Most services provide an interface for provisioning of accounts to users, which usually involves some workflow processes that must be completed successfully. Users access these services by using an account on the service. A service owner identifies the person who owns and maintains a particular service in ISIM. A user's profile is represented as an account.

Service administration tasks are done by using Manage Services from the navigation menu. Service administration tasks include the following tasks:

• Create Services and optionally creating provisioning policies for those services
• Change or delete services
• Scheduling an account reconciliation or initiating an immediate account reconciliation, including reconciling supporting data only. An immediate account reconciliation reconciles only the data you need for defining provisioning policies and access information for a group.
• Configure policy enforcement on services: Enforcement actions when an account is noncompliant
• View groups and defining access entitlements on groups
• Request accounts
• Displaying, changing, removing, suspending, and restoring accounts
• Assign accounts to users
• View account recertification status
• Displaying, creating, changing, and removing account defaults

A service might have another service defined as a service prerequisite. Users can receive a new account only if they have an existing account on the service prerequisite. For example, Service B has a service prerequisite of Service A. If a user requests an account on Service B, the user must first have an account on Service A to receive an account on Service B.

See

• Service types
  
• Service status
  
• Create services
  
• Create a service that has manual connection mode
  
• Enabling connection mode
  
• Create manual services
  
• Change services
  
• Change connection mode from manual to automatic
  
• Change a manual service
  
• Values and formats for CSV access data (service)
  
• Export access data for a service
  
• Import access data for a service
  
• Configure access catalog information for a service
  
• Deleting services
  
• Management of reconciliation schedules
  
• Management of accounts on a service
  
• Management of account defaults on a service
  
• Service tagging
  
• Policy enforcement
  
• Account recertification
  
• Management of groups or access on a service