For users that access IBM Verify Identity Governance, you must define IBM Security Verify Access user
accounts in addition to Identity Manager user accounts.
Before you begin
Depending on how your system administrator customized your system, you might not
have access to this task. To obtain access to this task or to have someone complete it for you,
contact your system administrator.
About this task
Use Identity Manager to provision the IBM Security Verify Access user
accounts.
This example defines myaccount as an identical user account for both applications. Use identical
user accounts for both the IBM Security Verify Access and IBM Verify Identity Governance. Otherwise, you must configure the user account mapping.
Procedure
- On the computer on which IBM Security Verify Access is installed,
start the IBM Security Verify Access utility. Type pdadmin at a command
prompt.
This prompt can be on the IBM Security Verify Access Authorization
Server or the IBM Security Verify Access Policy Server. You can also use IBM Verify Identity Governance to provision IBM Security Verify Access user accounts.
- Take the following steps:
- Log in to a secure domain as the sec_master administration user to use the utility.
- At the command prompt, type login.
- Type sec_master when prompted
for a user ID.
- Specify the associated password at the Enter
Password prompt.
For example:
pdadmin> login
Enter User ID: sec_master
Enter Password: password
pdadmin>
- Define the example myaccount user
account on IBM Security Verify Access with the user create command.
user create [-gsouser][-no-password-policy] user_name dn cn sn password [groups]
Where:
- -gsouser
- Enables global sign-on.
- -no-password-policy
- Enables the administrator to create the user with an initial password
that is not checked by the existing global password policies.
- user_name
- Specifies the name of the user.
- dn
- Specifies the registry identifier assigned to the user you want to create. The format for a
distinguished name is
like:
cn=Mary Jones,ou=Austin,o=IBM,c=us
- cn
- Specifies the common name assigned to the user you want to create.
For example, Mary.
- sn
- Specifies the family name of the user. For example, Jones.
- password
- Specifies the new user account password.
- groups
- Specifies a list of groups to which the new user is assigned.
For example, type:
user create "myaccount" "cn=FirstName LastName,o=ibm,c=us"
"FirstName LastName" "LastName" password
- To make the user account valid, type user modify
"myaccount" account-valid yes.