Identity Manager Upgrade - Explaining the Disabled Policy Store Update setting
search cancel

Identity Manager Upgrade - Explaining the Disabled Policy Store Update setting

book

Article ID: 219101

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Suite

Issue/Introduction

During an Identity Manager upgrade, should the ""Disabled policy store update" checkbox found within the IM Management Console be enabled or disabled? 

 

Environment

All Identity Manager

Resolution

The "Disable Policy Store Update" setting is explained on the following product doc page:

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-manager/14-5/configuring/siteminder-integration/integrate-siteminder-with-identity-manager/enable-a-siteminder-integration-with-deployed-identity-manager-environments.html

Disable Policy Store Update: Selecting this option disables the synchronization between the policy store in CA Single Sign-on (formerly SiteMinder) and Identity Manager from both the Directory or the Role Definition XML. This feature only applies to a pairing of CA Single Sign-on and CA Identity Manager. A message is displayed during the XML file's import that the associated Policy Store will not be updated for this environment.

The import of an IM environment that is integrated with Siteminder creates all of the needed SiteMinder configurations (i.e. Domain, Rules Realms, Auth Schemes, etc). The import of the directory sets the search context for userID, password data, and such.
 
If neither of these are going to change during the upgrade then there is no need to enable the "Disable Policy Store Update" setting as all of the objects have already been created previously and the upgrade will update the software binaries. 
Powered by Wolken Software