Identity and Access Management for IBM Lotus Domino
BCC_AdminTool automates the user and group management processes for IBM Lotus Domino, allows audit compliance and reduces administration costs. Implementing this solution especially in combination with further BCC System Tools makes your administration processes easier, faster and more secure.
Processes and workflows
BCC_AdminTool gives you a process-oriented environment for managing Notes / Domino users and groups. It provides a request based automation of processes, customizable approval workflows, configurable and automated request verification before processing as well as sophisticated monitoring, logging and error handling. Customizable parameters and extended configuration and integration options reflect your individual processes. With the new release 7 multi-domain environments can be managed within a single installation. BCC_AdminTool allows you to shift administration tasks to responsible people within the organization, who do not require technical skills and lessen administrators’ work load. Implementing continuous processes (e.g., enabling new users to work with their notebooks) for all administration entities (users and groups within several Domino directories, databases, and Notes clients) allows organizations to tap into the full potential of process automation, resulting in cost savings and enhanced security.
Integration with external systems
Highest possible automation of user management processes can be reached through integration with the existing corporate identity management environment. Connect your Notes / Domino user management to:
Supporting infrastructure projects
BCC_AdminTool can be used to help organizations supporting infrastructure processes like server consolidation as well as those in the wake of business transformation, like mergers or structural and name changes. It provides high-security, high-speed, and low-cost mass changes in your Lotus Domino environment.
Domino user lifecycle
BCC_AdminTool facilitates all processes related to the different steps of user lifecycle, from automated connection to external systems or user self service via included web interface, over change requests, workflows and approvals, up to the distribution / roll-out of users' IDs, passwords, and initial Notes Client roll-out. You will be able to process changes with minimal efforts like:
Group management
BCC_AdminTool also provides a central single point of administration for the entire group management processes (creation, renaming, deleting, modification of attributes) including delegation function, request forms and approval workflows. With the new release 7 time control functions are included to support temporarily available groups.
Mail-in databases
BCC_AdminTool extends it‘s managing functions also to mail-in databases. The support for the entire lifecycle includes possible change requests like creation, renaming, deleting, modification of attributes as well as the allocation of ACLs and Domino Directory settings.
Distributed responsibility
BCC_AdminTool allows organizations to separate user management responsibilities and relieve technical personnel from processing of routine tasks. It provides easy delegation of single steps to the end users (self service) or central help desks via web interface, without need for technical skills or administration rights within the Domino Directory. Separating business administration from system administration also improves the adherence to ID management standards and password policies, as no single person owns control over sensitive personal data (ID file and password).
Safekeeping of Domino Security Objects
With BCC_AdminTool there is no need to access Certifier ID’s for administration tasks. While an initial setup these files will be imported and encrypted. This prevents a fraudulent use as the IDs are protected on a sustained basis. Physical access is no longer required, any usage is tracked and only possible via BCC_AdminTool interface. Likewise, the user IDs & passwords generated by BCC_AdminTool are stored separated and encrypted according your individual parameters. The access to this sensitive data is restricted by authorizing different persons for different tasks. So, the user‘s ID file is not available for the person, who manages the distribution of passwords. Dedicated access control and limiting the access to the Domino Directory to reader access level result in strengthening of system security.
Gapless documentation and traceability
BCC_AdminTool is equipped with a seamless logging component, so organizations can easily meet the demands of regulators. It provides a detailed recording of all user and group management actions as well as any changes to the product configuration.
Advanced monitoring and management
Integrated AdminP Scanner makes it easy to monitor the complex AdminP process. It can also be used to perform user-defined actions on specific AdminP process steps. The EventEngine of BCC_AdminTool executes user-defined actions during the processing of requests, like sending emails or executing agents in external databases, Domino server console / system commands, or batch files. Powerful synchronization functions will keep your Domino Directory in unison. Optional management of the Domino Administration Database helps to cleanup your Admin4.nsf from obsolete requests and log documents. BlackBerry users and devices can be managed with the BCC_AdminTool, so the administrators can work in their familiar Domino environment.
Why BCC_AdminTool?
BCC_AdminTool automates the user and group management processes for IBM Lotus Domino, allows audit compliance and reduces administration costs. Implementing this solution especially in combination with further BCC System Tools makes your administration processes easier, faster and more secure. Processes and workflows
BCC_AdminTool gives you a process-oriented environment for managing Notes / Domino users and groups. It provides a request based automation of processes, customizable approval workflows, configurable and automated request verification before processing as well as sophisticated monitoring, logging and error handling. Customizable parameters and extended configuration and integration options reflect your individual processes. With the new release 7 multi-domain environments can be managed within a single installation. BCC_AdminTool allows you to shift administration tasks to responsible people within the organization, who do not require technical skills and lessen administrators’ work load. Implementing continuous processes (e.g., enabling new users to work with their notebooks) for all administration entities (users and groups within several Domino directories, databases, and Notes clients) allows organizations to tap into the full potential of process automation, resulting in cost savings and enhanced security.
Integration with external systems
Highest possible automation of user management processes can be reached through integration with the existing corporate identity management environment. Connect your Notes / Domino user management to:
- HR systems (SAP R/3, SAP HR, RACF)
- LDAP (MS Active Directory, MetaDir)
- Identity and Access Management (IAM) Systems (IBM Tivoli Identity Manager, Siemens Metadirectory, Novell e-directory, SUN Identity Management)
- existing Lotus Notes databases
Supporting infrastructure projects
BCC_AdminTool can be used to help organizations supporting infrastructure processes like server consolidation as well as those in the wake of business transformation, like mergers or structural and name changes. It provides high-security, high-speed, and low-cost mass changes in your Lotus Domino environment.
Domino user lifecycle
BCC_AdminTool facilitates all processes related to the different steps of user lifecycle, from automated connection to external systems or user self service via included web interface, over change requests, workflows and approvals, up to the distribution / roll-out of users' IDs, passwords, and initial Notes Client roll-out. You will be able to process changes with minimal efforts like:
- name or certifier changes (move in hierarchy)
- ID renewal (recertification)
- relocation of home server
- password recovery
Group management
BCC_AdminTool also provides a central single point of administration for the entire group management processes (creation, renaming, deleting, modification of attributes) including delegation function, request forms and approval workflows. With the new release 7 time control functions are included to support temporarily available groups.
Mail-in databases
BCC_AdminTool extends it‘s managing functions also to mail-in databases. The support for the entire lifecycle includes possible change requests like creation, renaming, deleting, modification of attributes as well as the allocation of ACLs and Domino Directory settings.
Distributed responsibility
BCC_AdminTool allows organizations to separate user management responsibilities and relieve technical personnel from processing of routine tasks. It provides easy delegation of single steps to the end users (self service) or central help desks via web interface, without need for technical skills or administration rights within the Domino Directory. Separating business administration from system administration also improves the adherence to ID management standards and password policies, as no single person owns control over sensitive personal data (ID file and password).
Safekeeping of Domino Security Objects
With BCC_AdminTool there is no need to access Certifier ID’s for administration tasks. While an initial setup these files will be imported and encrypted. This prevents a fraudulent use as the IDs are protected on a sustained basis. Physical access is no longer required, any usage is tracked and only possible via BCC_AdminTool interface. Likewise, the user IDs & passwords generated by BCC_AdminTool are stored separated and encrypted according your individual parameters. The access to this sensitive data is restricted by authorizing different persons for different tasks. So, the user‘s ID file is not available for the person, who manages the distribution of passwords. Dedicated access control and limiting the access to the Domino Directory to reader access level result in strengthening of system security.
Gapless documentation and traceability
BCC_AdminTool is equipped with a seamless logging component, so organizations can easily meet the demands of regulators. It provides a detailed recording of all user and group management actions as well as any changes to the product configuration.
Advanced monitoring and management
Integrated AdminP Scanner makes it easy to monitor the complex AdminP process. It can also be used to perform user-defined actions on specific AdminP process steps. The EventEngine of BCC_AdminTool executes user-defined actions during the processing of requests, like sending emails or executing agents in external databases, Domino server console / system commands, or batch files. Powerful synchronization functions will keep your Domino Directory in unison. Optional management of the Domino Administration Database helps to cleanup your Admin4.nsf from obsolete requests and log documents. BlackBerry users and devices can be managed with the BCC_AdminTool, so the administrators can work in their familiar Domino environment.
Why BCC_AdminTool?
- Reduce of TCO due to standardized processes (both business and technical) and automated workflows
- Satisfy business requests to support ongoing operations and infrastructure projects
- Establish process reliability through standards and audit proof documentation
- Close security gaps through maximizing system and process security
- Delegate tasks to user administration staff due to stringent separation of responsibilities
- Simplify the system environment through full automation in connection with external systems (LDAP, SAP R/3, RACF etc)