Advanced Access Control configuration
Use the topics in this hierarchy to configure the Advanced Access Control features, if you activate this module.
This section
provides configuration procedures for the Advanced Access Control
features, including support for Oauth, one time password, and integration
with WebSEAL.
- Upgrading configuration
After you install the upgrade software on a Security Access Manager appliance, you must complete several configuration tasks. - Getting started with Advanced Access Control
Several configuration tasks must be completed in order to start using Advanced Access Control. - Managing application interfaces
To create or edit your management and application interfaces, see Configuring Interfaces. - Managing the runtime component
To manage configuration files with the local management interface, use the Runtime Component management page. - Managing user registries
The appliance runtime profile has a user registry associated. Use the User Registry management page to administer the users and group memberships. The user registry in discussion here is the one used by the runtime applications, not the one used by the management interface. - Runtime security services external authorization service
The runtime security services external authorization service (EAS) provides the policy enforcement point function for context-based access. - Adding runtime listening interfaces
Add your interfaces to the list of runtime listening interfaces. This procedure enables communication between an appliance with Advanced Access Control and another Security Access Manager appliance. - Support for compliance with NIST SP800-131a
Advanced Access Control supports the requirements that are defined by the National Institute of Standards and Technology (NIST) Special Publications 800-131a. - Authentication
Security Access Manager provides user authentication functions that allow for simple and complex authentication scenarios. - OAuth 2.0 and OIDC support
Security Access Manager supports the OAuth 2.0 protocol, including OpenID Connect. - Mobile Multi-Factor Authentication
The IBM Security Access Manager Advanced Access Control component supports authenticator applications. Such support is built around the OAuth 2.0 protocol. - Access control policies
An access control policy is a set of conditions that, after they have been evaluated, determine access decisions. - Defining a custom domain for policy attachments
The administrator can specify a custom domain to separate metadata in a registry. For example, your company might possess metadata that belongs to several companies, and it is a security demand that the data does not overlap. - Deploying pending changes
Some configuration and administration changes require an extra deployment step. - Options for handling session failover events
Advanced Access Control offers several solutions to the challenge of providing sharing of session state across multiple servers in a clustered environment. - Global settings
You can use the LMI to access an administrative menu to configure global settings that are used by both Federation and Advanced Access Control. - Choose a synchronization mode
You can choose synchronization mode types for the IBM Security Access Manager Advanced Access Control component.
Parent topic: Configuring