
Identity Forge Advanced Adapters support a comprehensive list of features and functionality. The majority of advanced features are implemented across the adapter suite; however, certain platforms may cause subtle differences in the capability of a particular feature.

Core Functions
  • Native Integration.
  • Natural and seamless secure communication between identity management systems and mainframe/midrange systems.
  • Real-time bi-directional synchronization services.
Alias Management

The ability to manage multiple aliases over multiple catalogs. The Pioneer agent provides a seamless and effortless process to perform ALIAS management in conjunction with your identity application.

A sample issue we manage is the alias match issue. Here’s how it works. “The path to locating the catalog is a technique called ‘alias match,’ where the alias is a value that represents the application. The catalog is defined to the system as having an alias of that value and that same alias is assigned to the high-level node for all data sets in that application. To locate any data set within that application, an alias table is searched to identify its assigned catalog, and then the catalog is searched for the fully qualified data set name.”

“The problem is that most catalogs have multiple aliases, representing multiple applications, whose data sets are cataloged in the same catalog. It isn’t uncommon for a production catalog to have 50, 75, or even 100 or more aliases assigned. Over time, new aliases are assigned to existing catalogs and the number of data sets for an application grows. Before you know it, a critical catalog has bulged far out of proportion.”

Source: zJournal, “ICF Catalog Failure: The Local Disaster You’re Not Planning For!” by Ron Ferguson

Authorization | Authentication

The ability to provide native authorization and authentication as if the application accessing the mainframe was a native TSO user or administrator.

Catalog Management

Catalogs are used by z/OS to locate datasets when a task attempts to allocate them without supplying their volume serial number; they hold records of the volume(s) on which each cataloged dataset exists. The IdF advanced adapter gives identity management infrastructures the ability to manage users’ access to user catalogs.

Dataset Management

IdF provides the ability for an identity or provisioning application to manage data sets (mainframe files). The Pioneer agent’s external API routines simplify dataset (file) management. For example, on submission of an ALIAS, z/OS JCL can be submitted to perform any z/OS batch task that is required at the time of ALIAS submission. This automates a very labor- and time-intensive procedure.

Native Platform based Technology

The Pioneer and Voyager agents are built in standard COBOL and assembler languages and initiated with a standard started task. These are standard technologies used in a mainframe environment. Likewise, the IdF LDAP Gateway and the IdF Management Agent, which are the transformation components of the IdF solution, are built in Microsoft C#/.NET or Java. The combination of these technologies provides native bi-directional communication with the mainframe, in real time or in delta increments.

Password Management

The Advanced Adapters provide bi-directional real-time or polling password synchronization between mainframe security databases or i5/OS and your client or identity infrastructure. The IdF solution can change a password (self-service change), resume (reset) a password, replace a password, detect native password changes, and synchronize native passwords in real time.

Resource Management

IdF advanced connectors give identity management infrastructures the ability to manage users’ access to mainframe resources such as DASD volumes, tape volumes, load modules, batch jobs, etc.

Real-time reconciliation

The Advanced Adapters provide real-time, instant reconciliation of user and group/role information. The Voyager agent, integrated with z/OS security exits, detects change events and passes each change to the IdF LDAP Gateway for transformation into the LDAPv3 protocol. The IdF LDAP Gateway allows the real-time events to be sent and digested into any IDM product, application or database.

Role Management

The Advanced Adapters provide the ability to search all groups/roles (including membership), query all user memberships and detect native role changes. They can be integrated with custom or packaged role management applications.

Extend Custom | Legacy applications

Legacy application integration is easily accomplished using the LDAP-Pioneer connection. z/OS batch JCL or standard Rexx library scripts can be used to invoke customer Rexx scripts and/or programs. DB2, SQL or user application programs can be easily invoked to perform their work via Pioneer.