Product deployment overview
IBM® Security Access Manager for Enterprise Single Sign-On deployment in an organization involves the installation and configuration of the different product components, policy configurations, and AccessProfiles.
Before you begin
An enterprise directory must already exist and be operational.
Example deployment
Task | Reference Guide |
---|---|
Install the WebSphere® Application Server on each IMS Server host running on the Windows Server. | |
Install the Update Installer on each IMS Server host. | |
Install and configure the IBM HTTP Server on each IMS Server host or on a separate tier of hosts. | |
Install and apply the latest fix packs for the WebSphere Application Server and IBM HTTP Server. | |
Install a database server instance on a designated database host if there is none. | |
Create a Database Administrator. | |
Create an Enterprise Directory lookup user. The lookup user is someone who authenticates in the Enterprise Directory and searches for other users. IBM Security Access Manager for Enterprise Single Sign-On uses the lookup user to retrieve user attributes from the Active Directory enterprise repository. | |
Create an IMS Server database. This database serves as the central repository for all IBM Security Access Manager for Enterprise Single Sign-On system and user data. | |
Run the IMS Server installer on either an existing or dedicated server to install the IMS Server applications – ISAMESSOIMS and ISAMESSOIMSConfig. | |
Configure the IMS Server for initial use with the IMS Server Configuration Wizard. Configure the IMS Server data sources, certificate, URL, and enterprise directory. | |
Use the Setup Assistant tool in the IMS Configuration Utility to provision the first IMS Administrator. Note: You can also configure the enterprise directory if you have not done it yet. | |
Use the Setup Assistant tool in AccessAdmin to configure the default system, machine, and user policies. | |
Deploy RFID, smart card, and biometric readers and software to employee client workstations, where appropriate. | |
Pre-configure several AccessAgent parameters by modifying the SetupHlp.ini file that is found in the AccessAgent Config folder. | |
Pre-provision users. | |
Install AccessAgent on all employee client workstations and Citrix or Terminal Server that require single sign-on services. You can deploy AccessAgent through a Tivoli® Provisioning Manager, an Active Directory Group Policy Object (AD GPO) or other push installation options for Windows. | |
Install AccessStudio on an Administrator workstation to manage single sign-on profiles. | |
Use AccessStudio to create and upload AccessProfiles for supported authentication services and applications through automatic logon or logoff. | |
(Optional) Create scripts. | |
Let users log on either through AccessAgent or AccessAssistant. | |