Policy Server Guides › Policy Server Configuration Guide › Administrative User Interface Management › SiteMinder Administrators › How to Configure an External Administrator Store › External Administrator Store Considerations
External Administrator Store Considerations
Before you configure an external administrator store connection, consider the following:
- Important! Discontinuing the use of the policy store as the source of administrator identities is permanent. This only affects the Administrative UI that is configured to use the external store. Any other Administrative UI not yet configured to use the external store continues to use the policy store to identify administrators.
- Legacy Administrators, including the default SiteMinder super user account, can continue to do the following:
- Manage SiteMinder objects in the FSS Administrative UI
- Manage the Policy Management API
- Function as a Trusted Host administrator
- Use Policy Server tools, such as smobjimport and smobjexport
- Legacy Administrators, including the default SiteMinder super user account, can no longer manage SiteMinder objects in the Administrative UI.
- If you have Legacy Administrators who must continue using the Administrative UI, use your vendor-specific tools to add these users to the external store. Once the user identities are established in the external store, you can reinstate these privileges by mapping the existing user paths from the policy store to the external store.
Important! External administrator authentication does not let a single Legacy Administrator account retain rights to the Administrative UI, the FSS Administrative UI, the Policy Management API, and Trusted Host privileges at the same time. If a Legacy Administrator must continue functioning in these roles, leave the Legacy Administrator unchanged. Be sure that the user is present in the external store and separately configure a new Administrator using the external user identity.
- A super user that you identify when configuring the connection to the external store replaces the default SiteMinder super user account. The external user becomes the super user and has maximum permissions in the Administrative UI and access to all Policy Server tools.
Use the external super user to delegate permissions to new Administrators.