Modify the System Manager Account
A system manager is responsible for setting up and maintaining a CA IdentityMinder environment. Typically, tasks of a system manager include:
- Creating and managing the initial environment
- Creating and modifying admin roles
- Creating and modifying other administrator accounts
You create a system manager account when you create a CA IdentityMinder environment. If this account is locked out (for example, if the system manager forgets the password), you can re-create the account using the System Manager wizard.
The System Manager wizard guides you through the steps to assign a system management role to a user.
Note the following points before modifying the System Manager account:
- Ensure that you are using an LDAP user store and you have configured a user container such as ou=People in the directory configuration file (directory.xml) for your CA IdentityMinder directory. The selected users must exist in the same container where you configure the system manager. Selecting a user account that does not exist in the user container may cause failures.
- When the CA IdentityMinder environment manages a user directory with a flat or flat user structure, the profile of the selected user must also include the organization. To ensure that the profile of a user is configured correctly, add the name of the organization of the user to the physical attribute corresponding to the %ORG_MEMBERSHIP% well-known attribute in the directory.xml file. For example, when the physical attribute description is mapped to the %ORG_MEMBERSHIP% well-known attribute in the directory.xml file and the user belongs to the Employees organization, the profile of the user must contain the attribute/value pair description=Employees.
Follow these steps:
- At the CA IdentityMinder environments screen, click the name of the appropriate CA IdentityMinder environment.
  The properties screen for that environment appears.
- Click System Manager.
  The System Manager wizard appears.
- Type the unique name for the user that has the System Manager role as follows:
  - For relational database users, type the unique identifier for the user or the value that is mapped to the %USER_ID% well-known attribute in the directory configuration file.
  - For LDAP users, type the relative DN of the user. For example, if the DN of the user is uid=Admin1, ou=People, ou=Employees, ou=NeteAuto, type Admin1.
  Note: Make sure that the System Manager is not the same user as the administrator of the user store.
- Click Validate to display the full identifier of the user.
- Click Next.
- In the second page of the wizard, select a role to assign to the user as follows:
  - If you want to assign the System Manager role, do the following tasks:
    - Select the radio button next to System Manager role.
    - Click Finish.
  - If you want to assign a role other than the System Manager role, do the following tasks:
    - Select a condition in the first list.
    - Type a partial or complete role name or an asterisk (*) in the second list box. Click Search.
    - Select the role to assign from the search results list.
    - Click Finish.
  The System Manager Configuration Output screen displays status information.
- Click Continue to close the System Manager wizard.
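The prerequisites noted before the procedure (user exists in the user container, profile carries the organization) and the note that the System Manager must not be the user store administrator can be checked against an LDIF export of the user store before running the wizard. The following is an added example, not CA code: the LDIF sample, the function names, the way the container is matched against the parent DN, and the administrator DN cn=Directory Manager are all constructed assumptions. The organization check applies only to flat or flat user structures.

```python
# Added example (not CA code). Sample LDIF is constructed for illustration.
SAMPLE_LDIF = """\
dn: uid=Admin1,ou=People,ou=Employees,ou=NeteAuto
uid: Admin1
description: Employees

dn: uid=Admin2,ou=People,ou=Employees,ou=NeteAuto
uid: Admin2

dn: uid=svc1,ou=Services,ou=NeteAuto
uid: svc1
description: Employees
"""

def norm_dn(dn):
    # Simplification: assumes no escaped commas inside RDN values.
    return ",".join(p.strip().lower() for p in dn.split(","))

def parse_ldif(text):
    """Parse unfolded, non-base64 LDIF into {normalized dn: {attr: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                attrs.setdefault(name.strip().lower(), []).append(value.strip())
        dn = attrs.pop("dn", [None])[0]
        if dn:
            entries[norm_dn(dn)] = attrs
    return entries

def preflight(entries, name, container, org_attr, org_name, store_admin_dn):
    """Return a list of problems for the candidate; an empty list means it passes."""
    hits = [dn for dn in entries if dn.split(",")[0].partition("=")[2] == name.lower()]
    if len(hits) != 1:
        return [f"expected exactly one entry for {name!r}, found {len(hits)}"]
    dn, problems = hits[0], []
    parent, cont = dn.partition(",")[2], norm_dn(container)
    # Assumption: the container is matched as the leading RDN(s) of the parent DN.
    if not (parent == cont or parent.startswith(cont + ",")):
        problems.append(f"{dn} is not in user container {container}")
    if org_name not in entries[dn].get(org_attr.lower(), []):
        problems.append(f"{dn} lacks {org_attr}={org_name}")
    if dn == norm_dn(store_admin_dn):
        problems.append(f"{dn} is also the user store administrator")
    return problems
```

Calling preflight(parse_ldif(SAMPLE_LDIF), "Admin1", "ou=People", "description", "Employees", "cn=Directory Manager") returns an empty list; Admin2 is reported as missing description=Employees, and svc1 as outside the user container.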
Copyright © 2013 CA.
All rights reserved.