Configuring the Identity external user registry

Use the Identity External User Registry Configuration page to configure, reconfigure, or unconfigure the external user registry for the IBM Verify Identity Governance - Virtual Appliance.

Before you begin

Make sure to add the required users to the Identity external user registry before you work from the Identity External User Registry Configuration page.

For more information, see Adding required users to the external user registry.

About this task

Configure, reconfigure, or unconfigure the external user registry options. See Table 1.
Table 1. Identity external user registry configuration details
Button Identity external user registry options
Configure
External registry type
Select an external registry type from the list:
  • IBM® Security Directory Server
  • Oracle Directory Server
  • Microsoft Active Directory
Host name
Specify the name of the server that hosts the directory server.

The acceptable formats for the host name are FQDN, IPv4, and IPv6. For example, isvgim.example.com.

Port
Specify the directory service port.

For example, 389.

You can select or clear the SSL check box to manage the secure connection.

Principal DN
Specify the principal distinguished name.

For example, cn=root.

Password
Specify the password for the principal distinguished name.
External registry DN location
Specify the location of the external registry DN.

For example, dc=com.

Identity Manager system user
Specify the name for the IBM Verify Identity Governance system user.

For example, isimsystem.

Identity Manager system user password
Specify the password for the IBM Verify Identity Governance system user.
User Filter
Filters the registry for the IBM Verify Identity Governance user. Specify the LDAP filter that is based on the directory server attributes.

For example:

For Directory Server, (&(uid=%v)(objectclass=inetOrgPerson)) utilizes user IDs (uid) and the inetOrgPerson object class to find the users.

At run time, %v is replaced with the uid attribute of the user. The uid must be a unique key within the same object class in LDAP, and it must be part of the DN. The DN might be in the following form: dn:uid=isimsystem, dc=com.

Reconfigure
External registry type
Select an external registry type from the list:
  • IBM Security Directory Server
  • Microsoft Active Directory
  • Oracle Directory Server
Host name
Specify the name of the server that hosts the directory server.

The acceptable formats for the host name are FQDN, IPv4, and IPv6. For example, isvgim.example.com.

Port
Specify the directory service port.

For example, 389.

You can select or clear the SSL check box to manage the secure connection.

Principal DN
Specify the principal distinguished name.

For example, cn=root.

Password
Specify the password for the principal distinguished name.
External registry DN location
Specify the location of the external registry DN.

For example, dc=com.

Identity Manager system user
Specify the name for the IBM Verify Identity Governance system user.

For example, isimsystem.

Identity Manager system user password
Specify the password for the IBM Verify Identity Governance system user.
User Filter
Filters the registry for the IBM Verify Identity Governance system user. Specify the LDAP filter that is based on the directory server attributes.

For example:

For Directory Server, (&(uid=%v)(objectclass=inetOrgPerson)) utilizes user IDs (uid) and the inetOrgPerson object class to find the users.

At run time, %v is replaced with the uid attribute of the user. The uid must be a unique key within the same object class in LDAP, and it must be part of the DN. The DN might be in the following form: dn:uid=isimsystem, dc=com.
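
The following is an added example, not IBM code or part of the original page. It checks the User Filter rules described in the Configure and Reconfigure rows offline, before you save the configuration: after %v is substituted, the filter must match exactly one entry, and the uid must be part of that entry's DN. The function names and the sample entries are constructed for illustration. The RFC 4515 escaping of the substituted value is an assumption of this example; the page does not state how the appliance treats special characters.

```python
import re

# RFC 4515 characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def expand_filter(template, login_id):
    """Substitute %v with the login ID, escaped so it stays a literal value."""
    if "%v" not in template:
        raise ValueError("User Filter has no %v placeholder")
    return template.replace("%v", "".join(_ESCAPES.get(c, c) for c in login_id))

def parse_and_filter(flt):
    """Parse (&(attr=value)...) into (attr, value) pairs; other forms are rejected."""
    m = re.fullmatch(r"\(&((?:\([^()=]+=[^()]*\))+)\)", flt)
    if not m:
        raise ValueError("unsupported or malformed filter: " + flt)
    unesc = lambda v: re.sub(r"\\([0-9a-fA-F]{2})", lambda h: chr(int(h.group(1), 16)), v)
    return [(a.lower(), unesc(v).lower())
            for a, v in re.findall(r"\(([^()=]+)=([^()]*)\)", m.group(1))]

def check_user(template, login_id, entries):
    """Return OK only if exactly one entry matches and uid is an RDN of its DN."""
    clauses = parse_and_filter(expand_filter(template, login_id))
    hits = []
    for entry in entries:
        attrs = {k.lower(): [v.lower() for v in vs] for k, vs in entry["attrs"].items()}
        if all(v in attrs.get(a, []) for a, v in clauses):
            hits.append(entry["dn"])
    if len(hits) != 1:
        return "FAIL: %d entries match, expected exactly 1" % len(hits)
    # Naive DN split: assumes no escaped commas in RDN values.
    rdns = [r.strip().lower() for r in hits[0].split(",")]
    if "uid=" + login_id.lower() not in rdns:
        return "FAIL: uid is not part of the DN " + hits[0]
    return "OK: " + hits[0]

USER_FILTER = "(&(uid=%v)(objectclass=inetOrgPerson))"  # filter from the page
ENTRIES = [  # constructed sample directory entries, not from the page
    {"dn": "uid=isimsystem,dc=com",
     "attrs": {"uid": ["isimsystem"], "objectClass": ["inetOrgPerson"]}},
    {"dn": "uid=jdoe,ou=people,dc=com",
     "attrs": {"uid": ["jdoe"], "objectClass": ["inetOrgPerson"]}},
    {"dn": "uid=jdoe,ou=contractors,dc=com",
     "attrs": {"uid": ["jdoe"], "objectClass": ["inetOrgPerson"]}},
    {"dn": "cn=Ann Lee,ou=people,dc=com",
     "attrs": {"uid": ["alee"], "objectClass": ["inetOrgPerson"]}},
]

if __name__ == "__main__":
    for uid in ("isimsystem", "jdoe", "alee", "*"):
        print(uid, "->", check_user(USER_FILTER, uid, ENTRIES))
```

The jdoe and alee entries show the two failure cases from the description: a uid that is not unique within the object class, and a uid that is not part of the DN.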

Procedure

  1. From the top-level menu of the Appliance Dashboard, click Configure > Manage Server Setting > Identity External User Registry Configuration.
    The Identity External User Registry Configuration page displays the Identity External User Registry Configuration table.
  2. Click Configure.
  3. In the Identity External User Registry Configuration Details window, specify the expected variable values.
    For more information, see Table 1.
  4. Click Save Configuration to complete this task.

    A window with certificate information is displayed if you selected the SSL check box during configuration.

  5. Click Yes to confirm.
    Note: The external user registry configuration takes some time. Do not refresh or close the page. Wait for the configuration process to complete.
    A message in the Notifications widget prompts you to restart the Verify Identity Governance Server.
  6. From the Server Control widget, do these steps.
    1. Select Identity Manager server.
    2. Click Restart.
    See Viewing the Server Control widget.
  7. Synchronize the member nodes of the cluster with the primary node.
  8. From the Server Control widget, restart the Verify Identity Governance Server again on the primary node.
  9. Log on to the IVIG Console from the primary node by using the Identity external user registry user credentials.
  10. Optional: To reconfigure an existing Identity external user registry, do these steps:
    Note: Before you reconfigure, create a snapshot to recover from any configuration failures. See Managing the snapshots.
    1. From the Identity External User Registry Configuration table, select a record.
      For example, IBM Verify Identity Governance User Registry.
    2. Click Reconfigure.
    3. In the Edit Identity External User Registry Configuration Details window, edit the configuration variables.
      For more information, see Table 1.
    4. Click Save Configuration to complete this task.
      A window opens that displays the certificate information.
    5. Click Yes to confirm.
      Note: The external user registry reconfiguration takes some time. Do not refresh or close the page. Wait for the reconfiguration process to complete.
  11. Optional: To unconfigure an existing external user registry, do these steps:
    1. From the Identity External User Registry Configuration table, select a record.
    2. Click Unconfigure.
    3. Click Yes to confirm.