Ivanti acquired RES Software a little over a year ago (October 2017) and since then Identity Director and Automation have become pillars in Ivanti’s Unified IT stack. Being the new kid on the block, many don’t know what these tools can do and all the amazing features available, so we’re going to fix that!
Ivanti Identity Director
Let’s start with Ivanti Identity Director and talk about what it does at a very high level. Identity Director is the front end of the Identity and Automation stack. Providing portals for the self-service catalog, administration and mobile device access, it has following basic roles:
Ivanti Identity Director is all about the data! Data from the organization is compiled from one or more authoritative sources (databases, API, cloud, etc.) to define who a user is in the organization. The data is synchronized with Identity Director on a re-occurring basis to bring the data alive in the organization.
With users defined, this data can be used as context (e.g. if Job Title is ‘Application Specialist I’ and in Cost Center ‘500023’, automatically execute this workflow). This contextual data can be used for access to services, delegation, approvals and passed into automated workflows. Qualification provides the ability to do role-based provisioning and deliver a living user experience with automatic access, removal and self-service catalog.
Ivanti Identity Director at its most basic level is a service catalog, more appropriately a “actionable” service catalog. When a service is requested data can be collected manually or derived from the data sources to execute automation. The goal in most implementations is to automate as much as possible, but if 80% can be automated and 20% is self-service, user satisfaction has greatly increased! An important aspect of delivering a holistic solution is the ability to ask questions and execute automation, which where the self-service catalog is leveraged. Here is all of the information to build a VM, now let’s get manager approval.
While automation is with no human intervention is awesome, sometimes we may need approval or several levels of approvals before we want to execute a task. There are a multitude of options with dynamic rules and lookups (Manager Approval), but the basic approval options are:
Assign to one person on the list – Randomly chooses a person from a list of people to approve the transaction
Assign to all people, proceed with first response – Assign to an entire team, whomever approves first handle approval for entire team
Require approval from all people on the list – Everyone in the list must approve before proceeding
Require approval from the majority on the list – A higher percentage of users must approve (e.g. 3 users are in the list, 2 must approve)
The approval options provide a great deal of flexibility and can be added anywhere in the self-service or automatic workflows.
One of the most powerful features of Ivanti Identity Director allows a designated user(s) to request a service for another user(s), which is a feature called delegation. Some common delegation scenarios:
A helpdesk user can execute a password reset for a user.
A manager can request software for one (or more) of their employees.
A team member can report a stolen device for another user.
When a service is executed as delegation, the workflow is executed in the context of the chosen user passing all their data into the workflow.
This is where the magic happens! If you can write a script, have a command-line utility, API and\or a database to interface with an application, Automation can be setup for integration. Additionally, Ivanti Automation has many pre-built integrations offered by Ivanti, which basically provides a fill-in-the-blank interface for many enterprise software integrations, such as technology partner companies below.
Ivanti Identity Director and Ivanti Automation work together to provide the power of automation into a button click or automatically trigger changes in the environment when data changes.
Next up, we will show you how to install and configure the software, setup integrations and build automated solutions in your own environment. We’ll also hook you up with best practices, tips and tricks we’ve developed doing deployments in large and small companies across many industries. Looking forward to helping you harness the power of Identity Director and Automation in your environment!
Rob Simmers is a Senior Solutions Architect at McGlaun Consulting.