Defining IBM Security Verify Access Accounts

For users that access IBM Verify Identity Governance, you must define IBM Security Verify Access user accounts in addition to Identity Manager user accounts.

Before you begin

Depending on how your system administrator customized your system, you might not have access to this task. To obtain access to this task or to have someone complete it for you, contact your system administrator.

About this task

Use Identity Manager to provision the IBM Security Verify Access user accounts.

This example defines myaccount as an identical user account for both applications. Use identical user accounts for both the IBM Security Verify Access and IBM Verify Identity Governance. Otherwise, you must configure the user account mapping.

Procedure

  1. On the computer on which IBM Security Verify Access is installed, start the IBM Security Verify Access utility. Type pdadmin at a command prompt.
    This prompt can be on the IBM Security Verify Access Authorization Server or the IBM Security Verify Access Policy Server. You can also use IBM Verify Identity Governance to provision IBM Security Verify Access user accounts.
  2. Take the following steps:
    1. Log in to a secure domain as the sec_master administration user to use the utility.
    2. At the command prompt, type login.
    3. Type sec_master when prompted for a user ID.
    4. Specify the associated password at the Enter Password prompt.
    For example:
    pdadmin> login
    Enter User ID: sec_master
    Enter Password: password
    pdadmin> 
  3. Define the example myaccount user account on IBM Security Verify Access with the user create command.
    user create [-gsouser][-no-password-policy] user_name dn cn sn password [groups]
    Where:
    -gsouser
    Enables global sign-on.
    -no-password-policy
    Enables the administrator to create the user with an initial password that is not checked by the existing global password policies.
    user_name
    Specifies the name of the user.
    dn
    Specifies the registry identifier assigned to the user you want to create. The format for a distinguished name is like:
    cn=Mary Jones,ou=Austin,o=IBM,c=us
    cn
    Specifies the common name assigned to the user you want to create. For example, Mary.
    sn
    Specifies the family name of the user. For example, Jones.
    password
    Specifies the new user account password.
    groups
    Specifies a list of groups to which the new user is assigned.

    For example, type:

    user create "myaccount" "cn=FirstName LastName,o=ibm,c=us" 
    "FirstName LastName" "LastName" password
    
  4. To make the user account valid, type user modify "myaccount" account-valid yes.