IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2.1

Product deployment overview

IBM® Security Access Manager for Enterprise Single Sign-On deployment in an organization involves the installation and configuration of the different product components, policy configurations, and AccessProfiles.

Before you begin

An enterprise directory must already exist and be operational.

Example deployment

Task, followed by its reference guide:
Install the WebSphere® Application Server on each IMS Server host running on the Windows Server.
  • IBM Security Access Manager for Enterprise Single Sign-On Installation Guide
Install the Update Installer on each IMS Server host.
  • IBM Security Access Manager for Enterprise Single Sign-On Installation Guide
Install and configure the IBM HTTP Server on each IMS Server host or on a separate tier of hosts.
  • IBM Security Access Manager for Enterprise Single Sign-On Installation Guide
Install and apply the latest fix packs for the WebSphere Application Server and IBM HTTP Server.  
Install a database server instance on a designated database host if there is none.
  • IBM Security Access Manager for Enterprise Single Sign-On Installation Guide
Create a Database Administrator.
  • IBM Security Access Manager for Enterprise Single Sign-On Installation Guide
Create an Enterprise Directory lookup user. The lookup user is someone who authenticates in the Enterprise Directory and searches for other users. IBM Security Access Manager for Enterprise Single Sign-On uses the lookup user to retrieve user attributes from the Active Directory enterprise repository.
  • IBM Security Access Manager for Enterprise Single Sign-On Installation Guide
Create an IMS Server database. This database serves as the central repository for all IBM Security Access Manager for Enterprise Single Sign-On system and user data.
  • IBM Security Access Manager for Enterprise Single Sign-On Installation Guide
Run the IMS Server installer on either an existing or dedicated server to install the IMS Server applications – ISAMESSOIMS and ISAMESSOIMSConfig.
  • IBM Security Access Manager for Enterprise Single Sign-On Installation Guide
Configure the IMS Server for initial use with the IMS Server Configuration Wizard. Configure the IMS Server data sources, certificate, URL, and enterprise directory.
  • IBM Security Access Manager for Enterprise Single Sign-On Installation Guide
Use the Setup Assistant tool in the IMS Configuration Utility to provision the first IMS Administrator.
Note: You can also configure the enterprise directory if you have not done it yet.
  • IBM Security Access Manager for Enterprise Single Sign-On Configuration Guide
Use the Setup Assistant tool in AccessAdmin to configure the default system, machine, and user policies.
  • Set up the system policies.
  • Set up the machine policies.
  • Set up the user policies and set the default user policy template.

    You can create multiple user policy templates for different groups of users. Make sure that the policy templates are assigned correctly.

  • IBM Security Access Manager for Enterprise Single Sign-On Administrator Guide
  • IBM Security Access Manager for Enterprise Single Sign-On Policies Definition Guide
Deploy RFID, smart card, and biometric readers and software to employee client workstations, where appropriate.
  • IBM Security Access Manager for Enterprise Single Sign-On Configuration Guide
Pre-configure several AccessAgent parameters by modifying the SetupHlp.ini file that is found in the AccessAgent Config folder.
  • IBM Security Access Manager for Enterprise Single Sign-On Configuration Guide
Pre-provision users.
  • IBM Security Access Manager for Enterprise Single Sign-On Installation Guide
Install AccessAgent on all employee client workstations and Citrix or Terminal Servers that require single sign-on services. You can deploy AccessAgent through Tivoli® Provisioning Manager, an Active Directory Group Policy Object (AD GPO), or other push installation options for Windows.
  • IBM Security Access Manager for Enterprise Single Sign-On Installation Guide
Install AccessStudio on an Administrator workstation to manage single sign-on profiles.
  • IBM Security Access Manager for Enterprise Single Sign-On Installation Guide
Use AccessStudio to create and upload AccessProfiles for supported authentication services and applications through automatic logon or logoff.
  • IBM Security Access Manager for Enterprise Single Sign-On AccessStudio Guide
(Optional) Create scripts.
  • Create a logon script to automatically launch applications when users log on to AccessAgent. Include the logon script in the policy template.
  • Create a logoff script to do cleanup operations after users log off from AccessAgent. Include the logoff script in the policy template.
  • Create lock or unlock scripts to perform actions before users lock the screen or after users unlock the screen. Include the lock and unlock scripts in the policy template.
 
Let users log on either through AccessAgent or AccessAssistant.
  • IBM Security Access Manager for Enterprise Single Sign-On User Guide