Configuration GuideIdentity Manager Directories › Enable Provisioning Server Access

Previous Topic: Create a Directory with an XML Configuration File

Next Topic: View an Identity Manager Directory

Enable Provisioning Server Access

You enable access to the Provisioning Server by using the Directories link in the Management Console.

Note: A prerequisite to this procedure is to install the Provisioning Directory on CA Directory. For more information, see the Installation Guide.

To enable Provisioning Server Access

  1. Open the Management Console by typing the following URL in a browser: 
    http://hostname:port/iam/immanage

    hostname

    Defines the fully qualified host name of the system where the Identity Manager server is installed

    port

    Defines the application server port number.

  2. Click Directories.

    The Identity Manager Directories window appears.

  3. Click Create from Wizard.
  4. Type the path and filename of the directory XML file for configuring the Provisioning Directory. It is stored in the directoryTemplates\ProvisioningServer in the Administrative Tools folder. The default location of that folder is:

    Note: You can use this directory configuration file as installed with no modification.

  5. Click Next.
  6. Supply values for the fields on this window as follows:
    Name

    Is a name for the Provisioning Directory associated with the Provisioning Server that you are configuring.

    • If CA Identity Manager does not integrate with SiteMinder, specify a meaningful name for the object used by CA Identity Manager to connect to the user directory.
    • If CA Identity Manager integrates with SiteMinder, you have two choices:

      If you want to create a user directory connection object in SiteMinder, specify any meaningful name. CA Identity Manager creates this object in SiteMinder with the name you specify.

      If you want to connect to an existing SiteMinder user directory, specify the name of the SiteMinder user directory connection object exactly as it appears in the Policy Server user interface.

    Description

    (Optional) Describes the Identity Manager Directory.

    Host

    Specifies the host name or IP address of the system where the user directory is installed.

    Port

    Specifies the port number of the user directory.

    Domain

    Specifies the name of the provisioning domain that CA Identity Manager will manage.

    The name must match the name of the provisioning domain that you specified during installation.

    Note: The domain name is case sensitive.

    Username

    Specifies a user that can log into the Provisioning Manager.

    The user must have the Domain Administrator profile, or an equivalent set of privileges for the Provisioning Domain.

    Password

    Specifies the password for the global user that you specified in the Username field.

    Confirm Password

    Enter the password that you typed in the Password field again for confirmation.

    Secure Connection

    Indicates whether CA Identity Manager uses a secure connection.

    Be sure to select this option for Active Directory user stores.

    Directory Search Parameters

    maxrows defines the maximum number of results that CA Identity Manager can return when searching a user directory. This value overrides any limit set in the LDAP directory. When conflicting settings apply, the LDAP server uses the lowest setting.

    Note: The maxrows parameter does not limit the number of results that are displayed on an Identity Manager task screen. To configure display settings, modify the list screen definition in the Identity Manager User Console. For instructions, see the User Console Design Guide.

    timeout determines the maximum number of seconds that CA Identity Manager searches a directory before terminating the search.

    Failover Connections

    The hostname and port number of one or more optional systems that are alternate Provisioning Servers. If multiple servers are listed, CA Identity Manager attempts to connect to the systems in the order in which they are listed.

    The alternate Provisioning Servers are used if the primary Provisioning Server fails. When the primary Provisioning Server becomes available again, the alternate Provisioning Server continues to be used.  If you need to return to using the Provisioning Server, restart the alternate Provisioning Servers.

  7. Click Next.
  8. Select the objects to manage, such as Users or Groups.
  9. After configuring the objects as needed, click Show summary deploy directory and review the settings for the Provisioning Directory.
  10. Click one of these actions:
    1. Click Back to make changes.
    2. Click Save to save the directory information if you want to come back later to deploy.
    3. Click Finish to complete this procedure and start configuring an environment with provisioning.