Configuration Guide › CA SiteMinder Integration › SiteMinder Operations › How to Configure Access Roles › Access Roles in SiteMinder › How to Enable Access Roles in SiteMinder

How to Enable Access Roles in SiteMinder

The following steps assume that SiteMinder already protects the application to which the access role grants access. For instance, assume that you are creating an access role for an application that SiteMinder does not protect yet. In such case, see one of the following guides in the SiteMinder bookshelf:

• For SiteMinder 6.0 SP5, see the Policy Design Guide.
• For SiteMinder 12.0 SP2, see the Policy Server Configuration Guide.

Note: To configure access roles in SiteMinder, use the Policy Server User Interface, an applet–based application, instead of the SiteMinder Administrative UI. In SiteMinder 12, this applet is named the SiteMinder Federation Security Services Administrative UI (FSS Administrative UI). You can install the FSS Administrative UI using the Policy Server installer.

To enable access roles in SiteMinder, you complete the following high-level steps:

1. In the Policy Server User Interface, associate a user directory and a CA IdentityMinder environment with a Policy Domain.
2. In the Policy Domain, create realms and rules (if they do not exist) corresponding to the resources to which the access role grants access.

   Note: For information about creating realms and rules, see one of the following guides in the SiteMinder bookshelf:

   • For SiteMinder 6.0 SP5, see the Policy Design Guide.
   • For SiteMinder 12.0 SP2, see the Policy Server Configuration Guide.
3. Create a response to pass entitlement information to the resource.
4. Create a policy and associate it with the following objects:
   • The access role
   • The realms and rules you created in step 2.
   • The responses created in step 3.

   Note: For information on creating policies, see the Policy Design Guide (for SiteMinder 6.0 SP5) or the Policy Server Configuration Guide (for SiteMinder 12.0 SP2).