Using IBM Tivoli Identity Manager to Synchronize HR changes to Active Directory

Imagine this scenario. An employee gets married and her last name changes. Human Resources receives the required documentation and updates the employee’s last name. Now that the W2 has been changed, how long will it take this change to get propagated to the email system? How many people will be involved? How many phones calls will be made wondering why the name hasn’t been updated? Shouldn’t there be a simpler process?

With IBM Tivoli Identity Manager (ITIM) this last name change can automatically be replicated to multiple ITIM controlled systems with just the change to HR and without the need of any more human intervention.

ITIM automatically detects the change to the person’s last name and then triggers name change updates to multiple ITIM controlled systems including Active Directory, LDAP and database repositories. These updates occur in real time and the new last name is available for all to see.

This auto magical event is achieved with ITIM by using Out of the Box configurations.

  • IBM Tivoli Directory Integrator with its multiple connectors connects to the HR data source and detects the change to the person last name. This User Data change is sent to ITIM.
  • Tivoli Identity Manager receives the User Data Change. The user data change triggers an update to the different ITIM controlled Services.
    • Active Directory attributes including the Display name are updated using the Out of the Box Active Directory Adapter Connection.
    • LDAP name attributes are updated using the Out of the Box LDAP Adapter
    • A custom database’s name attributes are updated using a Database connection.
  • The newlywed employee is pleased that her new name is available in the email system, the corporate directory or wherever the updates took place. Oh Yeah!

Of course, Tivoli Identity Manager is not just limited to changing the last name of a newlywed. Processing input from an HR feed, ITIM with its array of adapters can automatically provision new accounts, suspend and restore accounts, delete accounts or add or remove account accesses based on person information such as roles and/or department information.

ITIM capabilities can provide automation for the entire employee or non-employee lifecycle from provisioning and access control to role compliance and reporting.

If you need help with Tivoli Identity Manager, please feel free to visit our website or contact us at 817-704-3644.

Mark Adamson
IBM Certified Deployment Professional – Tivoli Identity Manager V4.6 / V5.0 / V5.1

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply