Configuration Guide › CA IdentityMinder Directories › Enable Provisioning Server Access

Enable Provisioning Server Access

You enable access to the Provisioning Server by using the Directories link in the Management Console. This procedure helps you connect to the provisioning server so that you can access the accounts available in the provisioning directory.

Follow these steps:

1. Open the Management Console by typing the following URL in a browser:

   http://hostname:port/iam/immanage
   

   hostname

   Defines the fully qualified host name of the system where the CA IdentityMinder server is installed.

   port

   Defines the application server port number.

2. Click Directories.

   The CA IdentityMinder Directories window appears.

3. Click Create from Wizard.
4. Type the path and filename of the directory XML file for configuring the Provisioning Directory. The XML file is stored in the directoryTemplates\ProvisioningServer in the Administrative Tools folder. The default location of that folder is:
   • Windows: C:\Program Files\CA\Identity Manager\IAM Suite\Identity Manager\tools
   • UNIX: /opt/CA/IdentityManager/IAM_Suite/Identity_Manager/tools

   Note: You can use this directory configuration file as installed with no modification.

5. Click Next.
6. Enter the values for the fields on this window as follows:

   Name

   Specifies a name for the Provisioning Directory that is associated with the Provisioning Server that you are configuring.

   • If CA IdentityMinder does not integrate with SiteMinder, specify a meaningful name for the object that CA IdentityMinder uses to connect to the user directory.
   • If CA IdentityMinder integrates with SiteMinder, you have two choices:
     • If you want to create a user directory connection object in SiteMinder, specify any meaningful name. CA IdentityMinder creates this object in SiteMinder with the name you specify.
     • If you want to connect to an existing SiteMinder user directory, specify the name of the SiteMinder user directory connection object exactly as it appears in the Policy Server user interface.

   Description

   (Optional) Describes the CA IdentityMinder Directory.

   Host

   Specifies the host name or IP address of the system where the user directory is installed.

   Port

   Specifies the port number of the user directory.

   Domain

   Specifies the name of the provisioning domain that CA IdentityMinder manages.

   Important! When creating a Provisioning Directory through Management Console with the foreign language characters as the domain name, the Provisioning Directory creation fails.

   The name must match the name of the provisioning domain that you specified during the installation.

   Note: The domain name is case-sensitive.

   Username

   Specifies a user that can log in to the Provisioning Manager.

   The user must have the Domain Administrator profile, or an equivalent set of privileges for the Provisioning Domain.

   Password

   Specifies the password for the global user that you specified in the Username field.

   Confirm Password

   Enter the password that you typed in the Password field again for the confirmation.

   Secure Connection

   Indicates whether CA IdentityMinder uses a secure connection.

   Be sure to select this option for Active Directory user stores.

   Directory Search Parameters

   maxrows

   Defines the maximum number of results that CA IdentityMinder can return when searching a user directory. This value overrides any limit that is set in the LDAP directory. When conflicting settings apply, the LDAP server uses the lowest setting.

   Note: The maxrows parameter does not limit the number of results that are displayed on the CA IdentityMinder task screen. To configure display settings, modify the list screen definition in the CA IdentityMinder User Console.

   timeout

   Determines the maximum number of seconds that CA IdentityMinder searches a directory before terminating the search.

   Failover Connections

   Specifies the hostname and port number of one or more optional systems that are alternate Provisioning Servers. If multiple servers are listed, CA IdentityMinder attempts to connect to the systems in the listed order.

   The alternate Provisioning Servers are used if the primary Provisioning Server fails. When the primary Provisioning Server becomes available again, the alternate Provisioning Server continues to be used. If you want to return to using the Provisioning Server, restart the alternate Provisioning Servers.

   Click Next.

7. Select the objects for managing, such as Users or Groups.
8. After you have configured the objects as needed, click Show summary deploy directory and review the settings for the Provisioning Directory.
9. Click one of these actions:
   1. Click Back to modify.
   2. Click Save to save the directory information if you want to come back later to deploy.
   3. Click Finish to complete this procedure and start configuring an environment with provisioning.