Identity Governance Administration

Integrating Ivanti Identity Director with Microsoft SCCM Software Center

Photo by loops7/iStock / Getty Images

Almost every organization is looking for ways to enable their end-users to request access to applications, services, and data without intervention from an internal help desk team. This self-service model is proven to keep both users and their business happy and productive while relieving IT from the heavy burden of manually provisioning and (maybe even more importantly) deprovisioning access. Additionally, there seems to be a glutton of portals in the market and establishing an easy way of accessing the right portal for the right job can be confusing. The most common tool that organizations select for managing their application state is Microsoft System Center Configuration Manager (SCCM). 


It is common knowledge that one of Configuration Manager’s primary functions is to deliver applications to end users efficiently and consistently within the enterprise by relying on the Software Center. It is also widely known that while the Software Center allows end-users a simple self-service interface to select and install applications, it lacks the ability to automate an approval workflow for applications that require multiple approvals prior to installation.


Microsoft has been doing a great job of listening to the community through their UserVoice portal. They have collected feedback and are making much needed updates to the Software Center. One of the new features available after upgrading to Configuration Manager 1810 is it allows an administrator to further customize the Software Center. This will allow you to add a custom tab into the Software Center that directs to a URL of your choice. Connecting statement. Configuration Manager allows self-service but still requires assistance from a third-party application to provide complete business automation workflows. Leveraging Ivanti Identity Director you can provide the ability to automate workflows in Configuration Manager’s Software Center.  


Identity Director has two main functions. One is automated Identity & Access Management, and the other is a Self-Service web portal for user requests. 


Ivanti Identity Director’s first functionality is automatic Identity and Access Management based on data collected from HR systems.  When a new employee is added to the organization’s HR System, Identity Director will pull this information into its database and begin the process of onboarding the new employee. This typically includes creating an AD account, Exchange account, adding the user to any groups, creating accounts in other systems outside of AD or any other direct automation task based on the user’s organizational context (Job Title, Location, Department or any other HR information synced with Identity Director) from the HR system.


The second function of Ivanti’s Identity Director is as a Self-Service Web-portal for end users. The Identity Director portal can be setup to present users with various services and the ability to independently make a request without calling help desk. Services most organizations allow users to request are typically but not limited to application installs, access to groups or shares, new equipment requests, and password resets. Administrators can setup simple or complicated workflows depending on the request with approvals as needed. 


Identity Director’s Self-Service portal is dynamic based on the user’s organizational context.  For example, all employees can see services listed for everyone however Marketing or IT employees may see additional services based on the organizational context in those departments.  It also provides users with an easy to use portal for software requests which tie back to Configuration Manager for delivery or return of the software requested.  Yes, we did say return as well.  If a user changes organization context, Identity Director can be configured to start a return workflow process and communicate with Configuration Manager to uninstall software from the user’s PC. For example, if a user moves from IT to Marketing they will not need the same applications for their new role, so when Identity Director updates the user information with the organization change it will initiate the return process for any services that do not apply to the user. 


This new feature in the Software Center allows you configure the interface as single pane window for requests that are typically facilitated natively by the Configuration Manager. It gives you the ability to configure any request requiring multi-layer approvals using an automation tool, like Ivanti Identity Director. With an automation tool you can simply reconfigure Software Center and add a custom tab that directs to an Identity Director URL. Identity Director and its automation tool allows Software Center to become a one stop shop for regular application installations, applications that require multiple layers of approvals, as well as any other entitlement or service facilitated by Identity Director from the Software Center.  


Note: Below is a step by step walk through that shows how to configure the default client settings to make the required changes in the Configuration Manager console for the Software Center.

In order for the changes below to be available, you must have the New Software Center function enabled. The New Software Center option is available within client settings under ‘Computer Agent.

1. In the Configuration Manager Console go to the Administration node and click Client Settings.

Note: Here you can decide whether to make the configuration changes in the ‘Default Client Settings’ or deploy ‘Custom Client Settings’. In this example we will edit the ‘Default Client Settings’.

2. Right click ‘Default Client Settings’ and click ‘Properties’.

3. Select ‘Software Center’, then click ‘Customize’.

Note: Here you will begin customizing the look and feel of the Software Center.

4.     In the ‘Software Center Customization’ window select ‘Tabs’ at the top of the Dialog box.

5.       Click the ‘Specify a custom tab for Software Center’ check box.

6.       Enter in the ‘Tab name’ which will be displayed as a custom tab in the Software Center.

7.       Enter in the ‘Content URL’ which is the target URL for the custom tab.

8. Click OK.

Congratulations, you are done! To test the changes simply run the Machine policy retrieval action on a client. Give the client a moment to refresh its policy and test your changes. You should now see the new custom tab in the Software Center. To learn more, contact us!

Sentell Ruth is a Senior Solutions Architect at McGlaun Consulting.

Note: Special thanks to Mike Lopez, Senior Solutions Architect at McGlaun Consulting for his assistance with the Identity Director portion of this article!