IDM with SM SSO

Article ID: 139876

Products

CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Identity Suite

Issue/Introduction

Since it is a new application, I don't have many details yet, and am waiting for the information from the application team.

But as far as I know, the app goes through IDM to access our SM for authentication and authorization. Also, they are going to manage some user data after that. What I want to know is:

1) Based on the descriptions above, do they have to have an admin account to do that?

2) Under which conditions must they use SM admin authority to manage the user data? From what I understand, they don't need SM Admin to manage any user data.

Please advise.

Environment

Release : 14.3

Component : IdentityMinder(Identity Manager)

Resolution

Based on what you sent:

1) They need an admin account such as a TEWS admin: some sort of proxy account, like a user manager.

2) They do not need SMadmin privileges. IM requires SM admin privileges to create objects in the policy store (domain, roles, rules, realms, user directories) but not to manage the objects in the directories.

3) While the user directory does exist in SM, the SMadmin does not usually have the privileges to edit users in it.

4) The user mentioned in point 1 has to exist in the user directory mentioned in points 2 and 3 and has to have permissions to edit users.