Modifying the default provisioning policy for IBM Verify Identity Governance

The next step is to modify the default provisioning policy for IBM Verify Identity Governance.

Before you begin

Depending on how your system administrator customized your system, you might not have access to this task. To obtain access to this task or to have someone complete it for you, contact your system administrator.

You must first be logged on to the IBM Verify Identity Governance administrative console as itim manager.

About this task

A provisioning policy grants access to one or more managed resources. You can use provisioning policies to define or set required attributes. In this task, the IBM Verify Identity Governance administrator sets up a provisioning policy. This action automates the provisioning of users into the system when the DSML feed is reconciled. It provides users with a standard password so that they can log on later to do tasks related to their user type. This process is a simplified example of how Identity Manager fits into an HR on-boarding process.

To modify the default provisioning policy for the Identity Manager service, complete these steps:

Procedure

  1. Log on to the administrative console as an administrator.
  2. From the navigation tree, click Manage Policies > Manage Provisioning Policies.
  3. On the Manage Provisioning Policy page, click Search. A list of all provisioning policies is shown.
  4. In the Provisioning Policies table, click Default provisioning policy for ITIM.
  5. On the General notebook page, ensure that the policy status is set to Enable. Click the Entitlements tab.
  6. On the Entitlements notebook page, complete these steps:
    1. Ensure that there is an entitlement named ITIM Service with a target type of Specific Service and a provision option of Automatic. If the provisioning option is set to Manual, a user account cannot be created when the DSML feed is reconciled and people are populated into the system.
    2. Check the box next to ITIM Service and click Parameters.
  7. On the Entitlement Parameter page, click Create.
  8. On the Add New Parameter page, go to the attribute table page, check the box next to Password and click Continue.
  9. On the Define Constant page, type secret as the password and click Continue. This procedure sets the default password of secret for all users provisioned to ITIM Service.
    In a production environment, do not create a standard password for all users in a provisioning policy. It creates security vulnerabilities.
  10. On the Entitlement Parameter page, click Continue.
  11. On the Entitlements notebook page, click Submit.
  12. On the Schedule page, click Submit.
  13. On the Success page, click Close.