IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2

Provisioning users

User provisioning is signing up user to use the IBM® Security Access Manager for Enterprise Single Sign-On. When provisioning the user, the IBM Security Access Manager for Enterprise Single Sign-On account is created and stored in the IMS Server database.

The optimum process for most environments is to provision users after completing the following tasks in this order:

Installing the IMS Server.
Deploying the IMS Server.
Configuring the directory server
Provisioning an IMS Server Administrator.

Users are provisioned through the following options:

Self-service sign-up through AccessAgent or through AccessAssistant Web Workplace. Users can click the sign-up link.
Automatic sign-up through AccessAgent or through AccessAssistant Web Workplace when user first logs on with Active Directory credentials. This option is applicable only if Active Directory synchronization is enabled.
Provisioning API

Provisioning tools

Users can be provisioned through the following option:

Using a provisioning system

You can use a provisioning system such as a Tivoli® Identity Manager or other integrated third party solutions that can call the IBM Security Access Manager for Enterprise Single Sign-On provisioning APIs.

With provisioning systems, user credential Wallets can be provisioned and populated even before the first user logs on to AccessAgent.

To integrate with Tivoli Identity Manager, you must deploy the Tivoli Identity Manager Adapter for IBM Security Access Manager for Enterprise Single Sign-On into the Tivoli Identity Manager server. For the adapter details, see https://www-304.ibm.com/support/docview.wss?rs=644&uid=swg21396546&context=SSTFWV&cs=utf-8&lang=en&loc=en_US.

See the IBM Security Access Manager for Enterprise Single Sign-On Provisioning Integration Guide for the provisioning APIs.

Feedback