How to Configure Access Roles
To control access to applications, you create access roles and tasks. An access task provides access to a function in an application. An access role contains one or more access tasks for one or more applications. When a user has been assigned an access role, the user can use the functions that exist in that role.
Access roles require configuration in both Identity Manager and SiteMinder, so two administrators are involved: an Identity Manager administrator and a SiteMinder administrator.
The following procedure outlines the steps to create an access role. Review these steps before configuring access roles for use with SiteMinder.
- An Identity Manager administrator completes the following tasks:
  1. Enables access roles and tasks for use with SiteMinder.
  2. Creates access tasks.
  3. Creates an access role.
  4. Communicates role and task information to the SiteMinder administrator for the purpose of creating SiteMinder role-based access control policies.
- A SiteMinder administrator creates a role-based access control policy by completing the following steps:
  1. Assigning a user directory that is associated with one or more Identity Manager environments to a Policy Domain.
  2. Associating one or more Identity Manager environments with the Policy Domain in step 1.
  3. Creating realms and rules in the Policy Domain (if they do not already exist). The realms and rules should correspond to the resources to which the access roles will grant access.
  4. Creating policies and binding them to roles from the Identity Manager environment.
  5. (Optional) Specifying responses which deliver entitlement information to the protected resources.
Note: For detailed instructions on these steps, see the Policy Server Configuration Guide.
More information:
Enable Access Roles for Use with SiteMinder