Abstract: A self-service system and method for credential reset permits an administrator to customize policies for credential reset based on any user or group of users. Administrators may choose to set a more stringent policy for credential reset for users or groups that have higher-level permissions to access sensitive information within the resource protected by the credential. Customizable, plug-in gates are provided to permit administrators fine grained control over reset policy definition. When the user initiates a credential reset, the reset policy applicable to that user is invoked, and the user is presented with gates to pass pursuant to the applicable reset policy. The user's responses are compared to responses presented by the user at registration. If the responses meet the reset policy's threshold for accuracy, the user is permitted to reset the credential.

Abstract: Managing resources. A resource manager includes programmatic code for managing resources in the computing environment. Resources available from resource systems within the computing environment are managed. Methods may include receiving user input indicating one or more of that a new entity should be added to the resource manager, that an entity represented by an entity object of the resource manager should have permissions removed at the resource manager, or that an entity represented by an entity object of the resource manager should have permissions added at the resource manager. In response to receiving user input, events may be generated and objects created or removed from the resource manager for from downstream resource systems. The events may specify workflows that should be executed to perform synchronization between objects at the resource manager and objects at a downstream resource system by adding or changing rules in an expected rules list.

Abstract: The embodiments described herein generally relate to a method and system of injecting repeatable processes, or workflows, into the processing of data-oriented or procedural requests in an entity management system. A request in such a system is subject to authentication, authorization, and action phases of processing, and workflows may be associated with each phase for automatic processing upon the triggering of a certain request under particular circumstances. A declarative mapping associates workflows with the request type, phase, requester, and target. The mapping may be created at the system administrator level, or by any person with the necessary capabilities, through the application of the processing concept in API or UI and may be consulted and invoked upon receipt of a request matching the mapping's criteria. Mappings may also be created and retrieved to manage state changes resulting from processing in other phases of the request processing model.

Abstract: Managing resources. A computing environment may include a resource manager. The resource manager includes programmatic code for managing resources. Expected rule entries are added to an expected rules list. Each of the expected rule entries includes: an indicator used to identify a synchronization rule, a definition of flow type, a specification of an object type in the resource manager to which the synchronization rule applies, a specification of a downstream resource system, a specification of an object type in the downstream resource system to which the synchronization rule applies, a specification of relationship criteria including one or more conditions for linking objects in the resource manager and the downstream resource system, and a specification of attribute flow information. Objects in downstream resource systems can be synchronized with objects in the resource manager based on the expected rule entries in the expected rules list.

Abstract: Managing resources. A resource manager includes programmatic code for managing resources in the computing environment. Resources available from resource systems within the computing environment are managed. Methods may include receiving user input indicating one or more of that a new entity should be added to the resource manager, that an entity represented by an entity object of the resource manager should have permissions removed at the resource manager, or that an entity represented by an entity object of the resource manager should have permissions added at the resource manager. In response to receiving user input, events may be generated and objects created or removed from the resource manager for from downstream resource systems. The events may specify workflows that should be executed to perform synchronization between objects at the resource manager and objects at a downstream resource system by adding or changing rules in an expected rules list.

Abstract: A self-service system and method for credential reset permits an administrator to customize policies for credential reset based on any user or group of users. Administrators may choose to set a more stringent policy for credential reset for users or groups that have higher-level permissions to access sensitive information within the resource protected by the credential. Customizable, plug-in gates are provided to permit administrators fine grained control over reset policy definition. When the user initiates a credential reset, the reset policy applicable to that user is invoked, and the user is presented with gates to pass pursuant to the applicable reset policy. The user's responses are compared to responses presented by the user at registration. If the responses meet the reset policy's threshold for accuracy, the user is permitted to reset the credential.

Abstract: A system and method for controlling access to a resource permits an administrator to make changes to access policies at a server level without having to update client code unless and until such updated code is actually needed by a client. Customizable, plug-in gates are provided to permit administrators fine grained control over access policy definition. The most updated versions of corresponding gate clients used to display the gates are identified to client systems when an access request is made. The updated gate clients are downloaded if and when requested by a client system that has not already stored the updated gate clients locally. The user's responses to gate challenges are compared to responses presented by the user at registration. If the responses meet the access policy's threshold for accuracy, the user is permitted to access the resource.

Abstract: The embodiments described herein generally relate to a method and system of injecting repeatable processes, or workflows, into the processing of data-oriented or procedural requests in an entity management system. A request in such a system is subject to authentication, authorization, and action phases of processing, and workflows may be associated with each phase for automatic processing upon the triggering of a certain request under particular circumstances. A declarative mapping associates workflows with the request type, phase, requester, and target. The mapping may be created at the system administrator level, or by any person with the necessary capabilities, through the application of the processing concept in API or UI and may be consulted and invoked upon receipt of a request matching the mapping's criteria. Mappings may also be created and retrieved to manage state changes resulting from processing in other phases of the request processing model.