Modify the System Manager Account
A system manager is responsible for setting up and maintaining an Identity Manager environment. Typically, a system manager’s tasks include the following:
- Creating and managing the initial environment
- Creating and modifying admin roles
- Creating and modifying other administrator accounts
You create a system manager account when you create an Identity Manager environment. If this account is locked out (for example, if the system manager forgets his or her password), you can re-create the account using the System Manager wizard.
The System Manager wizard guides you through the steps to assign a system management role to a user.
Note the following before modifying the System Manager account:
- If you are using an LDAP user store, and you configured a user container, such as ou=People, in the directory configuration file (directory.xml) for your Identity Manager directory, ensure that the users you select when you configure the system manager exist in that container. Selecting a user account that does not exist in the user container may cause failures.
- When the Identity Manager environment manages a user directory with a flat or flat user structure, the profile for the user that you select must include the organization to which the user belongs. To ensure that the user’s profile is configured correctly, add the name of the user’s organization to the physical attribute that corresponds to the %ORG_MEMBERSHIP% well-known attribute in the directory.xml file. For example, when the physical attribute description is mapped to the %ORG_MEMBERSHIP% well-known attribute in the directory.xml file, and the user belongs to the Employees organization, the user’s profile should contain the attribute/value pair description=Employees.
To specify the system manager
- At the Identity Manager environments screen, click the name of the appropriate Identity Manager environment.
  That environment’s properties screen appears.
- Click System Manager.
  The System Manager wizard appears.
- Type the unique name for the user that will have the System Manager role as follows:
  - For relational database users, type the unique identifier for the user or the value that is mapped to the %USER_ID% well-known attribute in the directory configuration file.
  - For LDAP users, type the relative DN of the user. For example, if the user’s DN is uid=Admin1, ou=People, ou=Employees, ou=NeteAuto, type Admin1.
  Note: The System Manager should not be the same user as the administrator of the user store.
- Click Validate to display the user’s full identifier.
- Click Next.
- In the second page of the wizard, select a role to assign to the user as follows:
  - If you want to assign the System Manager role, do the following:
    - Select the radio button next to System Manager role.
    - Click Finish.
  - If you want to assign a role other than the System Manager role, do the following:
    - Select a condition in the first list.
    - Type a partial or complete role name or an asterisk (*) in the second list box. Click Search.
    - Select the role to assign from the search results list.
    - Click Finish.
  The System Manager Configuration Output screen displays status information.
- Click Continue to close the System Manager wizard.
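A pre-flight check for the candidate account before running the wizard, as an added example that is not part of the original guide or the product: it checks an LDIF export of the user against the container requirement, the %ORG_MEMBERSHIP% attribute/value pair, and the note that the System Manager should not be the user store administrator. The sample entry, the store administrator DN, and all function names are constructed for illustration, and the code assumes the container is the RDN directly above the user entry.

```python
# Constructed sample: one user entry exported as LDIF (not from a real directory).
SAMPLE_LDIF = """\
dn: uid=Admin1, ou=People, ou=Employees, ou=NeteAuto
uid: Admin1
description: Employees
"""

def split_dn(dn):
    """Split a DN into (attribute, value) RDN pairs, honouring backslash-escaped commas."""
    parts, cur, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
        escaped = (ch == "\\") and not escaped
    parts.append(cur)
    return [tuple(s.strip() for s in p.split("=", 1)) for p in parts]

def norm(rdns):
    return [(a.lower(), v.lower()) for a, v in rdns]

def parse_entry(ldif):
    """Parse one simple LDIF entry; folded lines and base64 (::) values are not handled."""
    entry = {}
    for line in ldif.strip().splitlines():
        name, _, value = line.partition(":")
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def check_candidate(ldif, container, store_admin_dn, org_attr=None, org_name=None):
    """Return (name to type in the wizard, list of problems found)."""
    entry = parse_entry(ldif)
    rdns = split_dn(entry["dn"][0])
    want = norm(split_dn(container))
    problems = []
    # Assumption: the configured container is the RDN directly above the user entry.
    if norm(rdns)[1:1 + len(want)] != want:
        problems.append("user is not in container " + container)
    # Flat and flat user structures: the attribute mapped to %ORG_MEMBERSHIP% must name the organization.
    if org_attr and org_name not in entry.get(org_attr.lower(), []):
        problems.append(org_attr + " does not contain " + org_name)
    # The System Manager should not be the administrator of the user store.
    if norm(rdns) == norm(split_dn(store_admin_dn)):
        problems.append("candidate is the user store administrator")
    return rdns[0][1], problems

if __name__ == "__main__":
    print(check_candidate(SAMPLE_LDIF, "ou=People", "uid=StoreAdmin, ou=NeteAuto", "description", "Employees"))
```

Pass `org_attr` and `org_name` only when the directory uses a flat or flat user structure; an empty problem list means the returned name can be typed into the wizard.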