The world of IT has been experiencing some deep changes throughout the year, making productivity increase one of our customers’ main goal. Here at Ivanti, we like to keep our ear to the ground when it comes to delivering the right features for the desired business outcomes. And so, Identity Director 2020.3 comes with a set of features aimed at:  

  • Easier ITSM tools integration
  • An expanded set of people attributes that can be synchronized with external data sources
  • Allowing identities to handle multiple coordinators
  • A faster and more convenient way of composing qualification policies
  • Easier identification of people in the user portal
  • Simplified creation of complex password complexity policies

1) Integrate easier with ITSM tools

product update script

Why does it matter?

By enabling direct communication between workflows inside Identity Director and your ITSM tool, you can integrate date from your ITSM tool directly into Identity Director. This eliminates passing the data to a third-party connector and greatly improves the speed and quality of your business workflows.

How does it work?

Let’s say you have a hardware approval process that starts in Service Manager. You want that process to link into Identity Director and automatically start a workflow to deliver the hardware approval process to your users. You can now start that workflow from Service Manager and pass attributes such as change number, hardware number, etc. by calling the Identity Director Management Console API. This assures your data consistency and greatly improves your speed of delivery and automation power end to end.

2) More managing power for your people attributes

screenshot: add managers to people

Why does it matter?

Traditionally, the list of managers, approvers and coordinators can include people outside of your system. These can be kept in a separate data source and be updated regularly. We have added a new people attribute type list and have updated it into the attributes that can be synced inside Identity Director, along with the table attribute. This means that you can now synchronize not one, but two people attributes with outside data sources.

How does it work?

A new person attribute type list can be defined in the Management Portal. Following that definition, all identities in the system can use it.

The Data connection formerly named ‘Table Attribute’ is now renamed to ‘People’ and updated to host the synchronization of both table and list attribute types. This ensures an easier administration of people related metadata.

3) Delegate people administration to multiple managers

screenshot: manager of subscriber

Why does it matter?

This is a need that is meant to widen the range of applicability for the delegated administration panels in Identity Director. Imagine the following scenario where you have a wide organizational chart with areas and resources that overlap. You may want to allow more than one manager to trigger an entitlement workflow or approve a request for those shared resources. By making sure that any identity in your system can be managed by more than one person, you eliminate bottlenecks and increase organizational efficiency.

How does it work?

Identity Director has two Smart Rules that can dynamically read managers: one is Manager of subscriber and the other one is Subordinate of subscriber.

To allow multiple managers to approve and trigger processes for a shared group of people, you just have to add a set of people in a list attribute for a subordinate person. The next step is to create a Smart Rule of type Subordinate to Subscribeand use the output as a qualification base for a Delegated Administration Panel. The respective managers should now be able to see and act on triggering workflows for a cross shared group of people.

4) Increased qualification speed and accuracy using people attributes and wildcards

screenshot: engineering journal

Why does it matter?

Creating a qualification policy is not easy. There is a wide range of applications inside an organization, each with its own set of rules that the user must follow in order to be eligible to receive it. One clear case of that would be to allow people to qualify for an application based on the role they have. In the last release, we enabled that use case by allowing the use of people attributes in the qualification engine. However, we wanted to make the process even easier, by allowing the use of wildcards for defining the values for faster administration

How does it work?

When you define the values contained in attributes, you now can leverage the use of wildcards. So, instead of adding two attributes for the roles ‘Inner Sales’ and ‘Senior Sales Engineer’, you can just add a single attribute indicating the value ‘Sales’.

5) Increase productivity by allowing admins to see identifiers and attributes in the user portal

admin store

Why does it matter?

This improves the identification of users in the user portal. Many people share the same name and when looking to trigger a workflow for the right person, it is useful to have more details on the person in order to identify him or her correctly. Seeing the identifiers and attributes for that person directly in the user portal can help.

How does it work?

The identifiers have now become a standard detail that can be seen in the person details in the user portal in delegated administration panels. The attributes, however, must be checked as ‘visible’ in the user portal. This doesn’t show per default as a person can have a wealth of attributes assigned and not all of them are relevant. So, when a people attribute is defined in the management console, the administrator can decide whether it will be visible or not in the user portal.

6) Test your password complexity policy directly in the Identity Director Management portal

password reset

Why does it matter?

The password complexity policy can be tricky to define. This enhancement is meant to complete the profiles feature released in 2020.2 and to let system administrators test their defined policies directly where they are created. This reduces the risk of making mistakes, especially when one organization is subject to multiple complexity profiles.

How does it work?

In the Password Complexity section in the management portal, we have introduced a new section situated on top for better access. The diagnostic feature allows you to select a specific organization and to see what profiles it is subject to. In addition, the area underneath shows the password complexity rules and allows for testing a password that matches them.