Utilizing Group Sharing Account User Management using the IBM Tivoli Identity Manager Adapter for Tivoli Access Manager for Enterprise Single Sign-On

An IBM Redpaper publication



Abstract

In the 5.1 release of the IBM® Tivoli® Identity Manager Adapter for Tivoli Access Manager for Enterprise Single Sign-On, a has been introduced. This allows multiple users who have a Wallet to have access to credentials for a shared application account, without having ownership of the shared application account. Each share account has only one owner who is responsible for performing password resets on the account when required. This can help eliminate the number of accounts that are needed on a particular target system, and shared account users do not need to know the password of the shared account.

This version of the adapter integrates Tivoli Identity Manager 5.1 and Tivoli Access Manager Enterprise Single Sign-On 8.1. It utilizes the IBM Tivoli Directory Integrator functionality to facilitate communication between Tivoli Identity Manager and the Tivoli Access Manager Enterprise Single Sign-On IMS Server to provide user management functionality such as create, delete, and change password operations for Tivoli Access Manager for Enterprise Single Sign-On users. It also leverages the workflow extension capabilities of Tivoli Identity Manager to provide application credentials management. This includes create, delete, and change passwords for application credentials in the user's Wallet.

Table of contents

Introduction
Architecture overview
Group sharing account management
Group sharing account deployment
Scenarios
Conclusion




Profile

Publish Date
30 November 2010

Last Update
07 December 2010


Rating: Not yet rated


Author(s)

IBM Form Number
REDP-4707-00

Number of pages
34