Configuring provisioning for IBM Privilege Vault

Edit online

This configuration provisioning guide provides the basic information that is needed to install and configure IBM® Privilege Vault. The adapter enables connectivity between the IBM Verify server and IBM Privilege Vault.

Before you begin

Note: IBM Privilege Vault provisioning is not supported for trial subscriptions.
  1. Make sure IBM Directory Integrator (SDI) v7.2 (PN CJ30YML) is installed for your operating system. See Dispatcher Installation and Configuration Guide for more details.
    Table 1. SDI part numbers

    The eAssembly and part numbers for Security Directory Integrator
    eAssembly number Operating system eImage number
    CJ30YML AIX® CIS7MML
    Linux® CIS7TML
    Solaris CIS7UML
    Windows™ CIS7QML
    For more information, see IBM Directory Integrator Version 7.2 Download Document.
    Note: The default document is for AIX. Scroll down to step 3 to select your operating system.
  2. Install and configure Security Directory IBM Verify Adapter RMI Integrator dispatcher for IBM Directory Integrator v7.2 (PN CC7ZMML). See IBM Identity Adapters v7.x and SDI Dispatcher Installation and Configuration.
  3. Onboard IBM Privilege Vault application. See, Onboarding the IBM Privilege Vault.

About this task

Provisioning provides the following features.

Create new users
New users that are created through IBM Verify are also created in the IBM Privilege Vault application.
Delete users
Deactivating the user or disabling the user's access to the application through IBM Verify deletes the user in the IBM Privilege Vault application.
Modify user profile
Updates made to the user's profile through IBM Verify are pushed to the IBM Privilege Vault application.
User suspend and restore
Suspending a user through IBM Verify deactivates the user and restoring the user through IBM Verify activates the user in the IBM Privilege Vault application.
User synchronization and remediation
Synchronization fetches all the IBM Privilege Vault application users, creates the users on IBM Verify, and according to the remediation policy, modifies the attributes. Group synchronization fetches all the target application groups in IBM Verify.
Fine grained entitlement
Fine grained entitlement is supported for the IBM Security Verify Privilege Vault application. Synchronization fetches all the IBM Privilege Vault application groups. Users can be added to or removed from groups.

Procedure

  1. Login to IBM Verify as an administrator.
  2. Select Applications > Applications.
  3. Select Add application.
  4. Select application of type IBM Verify Privilege Vault.
  5. To configure user provisioning in IBM Verify, you need the following information:
    • Service Name
    • Description
    • IBM Security Directory Integrator location