We are migrating from a legacy Identity Manager installation (non-Virtual Appliance environment) to a Virtual Appliance (vApp) environment. The legacy Identity Manager uses the Enterprise Directory as the User Store. We want to confirm that it is not a requirement for either the SiteMinder Authentication directory or the Authorization directory to be hosted by the Virtual Appliance embedded CA Directory User Store. Can the Enterprise Directory continue to perform this function?
Component: CA Identity Suite
1. Regardless of whether this is Identity Manager running on vApp or not, you can always configure a different Authentication directory in Single Sign-On as long as the Identity Manager User Store is the Authorization directory. You can achieve this using credential/identity mapping (refer to https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/policy-server-configuration/directory-mapping/identity-mappings-configuration.html) in Single Sign-On.
2. Whenever Identity Manager and Single Sign-On are integrated, Identity Manager offloads management of the password data attribute to Single Sign-On. If you don't enable the integration between the products, both products will write to the password data attribute intermediately, each with a different encryption method, which will cause the customer to lose things like password history.
3. The only supported Single Sign-On/Identity Manager solution is using the full integration.