NetIQ Access Manager 4.3 Administration Guide
- NetIQ Access Manager 4.3 Administration Guide
- Overview
- How Access Manager Solves Business Challenges
- How Access Manager Works
- Access Manager Components and Their Features
- Language Support
- Configuring Access Manager
- Configuring Administration Console
- Configuring the Default View
- Managing Administration Console Session Timeout
- Managing Administrators
- Changing the IP Address of Access Manager Devices
- Mapping the Private IP Address to Public IP Address
- Setting Up a Basic Access Manager Configuration
- Understanding Access Manager Process Flow
- Prerequisites for Setup
- Configuring an Identity Server
- Identity Servers Cluster
- Configuring Identity Server Shared Settings
- Configuring Access Gateway
- Access Gateways Clusters
- Protecting Web Resources Through Access Gateway
- Configuring Trusted Providers for Single Sign-On
- Configuring Single Sign-On to Specific Applications
- Configuring a Protected Identity Server Through Access Gateways
- Sample Configuration for Protecting an Application Through Access Manager
- Setting Up an Advanced Access Manager Configuration
- Identity Server Advanced Configuration
- Access Gateway Server Advance Configuration
- Access Gateway Content Settings
- Access Gateway Advanced Options
- Analytics Server Configuration
- Modifying Configuration Files
- Configuring Authentication
- Local Authentication
- Federated Authentication
- Advanced Authentication
- Social Authentication
- Risk-based Authentication
- Device Fingerprinting
- How It Works
- Understanding Device Fingerprint Parameters
- Configuring a Device Fingerprint Rule
- Configuring an Example Device Fingerprint Policy
- Enabling Mobile and Web Access
- User Requirements for MobileAccess
- Configuring Appmarks
- Configuring MobileAccess
- Helping Users Register Their Mobile Devices
- Installing MobileAccess on a Mobile Device
- Understanding the MobileAccess PIN
- Managing Mobile Devices
- Changing the Branding of the User Portal Page
- Access Manager Policies
- Understanding Policies
- Role Policies
- Authorization Policies
- Identity Injection Policies
- Form Fill Policies
- External Attribute Source Policies
- Risk-based Policies
- High Availability and Fault Tolerance
- Installing Secondary Versions of Administration Console
- Configuration Tips for the L4 Switch
- Setting up L4 Switch for IPv6 Support
- Using a Software Load Balancer
- Security And Certificates
- Securing Access Manager
- Securing Administration Console
- Protecting the Configuration Store
- Security Considerations for Certificates
- Configuring Secure Communication on Identity Server
- Security Considerations for Identity Server
- Enabling Secure Cookies
- Preventing Cross-site Scripting Attacks
- Setting Up Advanced Session Assurance
- Understanding Access Manager Certificates
- Process Flow
- Access Manager Trust Stores
- Access Manager Keystores
- Creating Certificates
- Creating a Locally Signed Certificate
- Editing the Subject Name
- Assigning Alternate Subject Names
- Generating a Certificate Signing Request
- Importing a Signed Certificate
- Managing Certificates and Keystores
- Viewing Certificate Details
- Adding a Certificate to a Keystore
- Renewing a Certificate
- Exporting a Private/Public Key Pair
- Exporting a Public Certificate
- Importing a Private/Public Key Pair
- Managing Certificates in a Keystore
- Using Multiple External Signing Certificates
- Assigning Certificates to Access Manager Devices
- Importing a Trusted Root to the LDAP User Store
- Managing Identity Server Certificates
- Assigning Certificates to an Access Gateway
- Changing a Non-Secure (HTTP) Environment to a Secure (HTTPS) Environment
- Managing Trusted Roots and Trust Stores
- Managing Trusted Roots and Trust Stores
- Viewing External Trusted Roots
- Enabling SSL Communication
- Enabling SSL Communication
- Using SSL on Access Gateway Communication Channels
- Configuring SSL for Authentication between Identity Server and Access Manager Components
- Prerequisites for SSL
- Configuring SSL Communication with Browsers and Access Gateway
- Configuring SSL between the Proxy Service and the Web Servers
- Configuring the SSL Communication
- Maintaining Access Manager
- Analytics Dashboard
- Advantages of Using Analytics Dashboard
- Architecture
- Who Can Access Analytics Dashboard
- Prerequisites
- Enabling Events for Each Graph
- Viewing Data in Analytics Dashboard
- Types of Graphs
- Accessing Analytics Dashboard
- Managing Analytics Dashboard
- Auditing
- Enabling Auditing
- Enabling Identity Server Audit Events
- Enabling Access Gateway Audit Events
- Reporting
- Overview
- Using Reporting with Sentinel
- Using Reporting with Analytics Server
- Enabling Reporting
- Generating Reports in Sentinel
- Logging
- Understanding the Types of Logging
- Understanding the Log Format
- Identity Server Logging
- Access Gateway Logging
- Downloading Log Files
- Turning on Logging for Policy Evaluation
- Monitoring Component Statistics
- Identity Server Statistics
- Access Gateway Statistics
- Component Statistics Through REST APIs
- Monitoring Component Command Status
- Viewing the Command Status of Identity Server
- Viewing the Command Status of Access Gateway
- Viewing the Command Status of the Analytics Server
- Reviewing the Command Status for Certificates
- Monitoring Server Health
- Health States
- Monitoring Health by Using the Hardware IP Address
- Monitoring Health of Identity Servers
- Monitoring the Health of Access Gateways
- Monitoring the Health of Analytics Server
- Monitoring Alerts
- Monitoring Identity Server Alerts
- Monitoring Access Gateway Alerts
- Monitoring Analytics Server Alerts
- Monitoring Access Manager By Using Simple Network Management Protocol
- SNMP Architecture in Access Manager
- Features of Monitoring in Access Manager
- Using the Default MIB File with External SNMP Systems
- Querying For SNMP Attributes
- Installing and Enabling Monitoring for Access Manager Components
- Impersonation
- Impersonation Terminology
- Prerequisites
- Enabling Impersonation
- Impersonation Flow
- Implementing Impersonation in Custom Portal Pages
- Audit Event for Impersonation
- Troubleshooting
- Back Up and Restore
- How The Backup and Restore Process Works
- Backing Up the Access Manager Configuration
- Restoring the Access Manager Configuration
- Restoring an Identity Server
- Restoring an Access Gateway
- Code Promotion
- How Code Promotion Helps
- Sequence of Promoting the Configuration Data
- Prerequisites
- Limitations
- Configuring Custom File Paths
- Exporting the Configuration Data
- Importing the Configuration Data
- Troubleshooting Code Promotion
- Troubleshooting
- Troubleshooting Administration Console
- Troubleshooting Access Gateway
- Troubleshooting Identity Server and Authentication
- Troubleshooting Analytics Server
- Troubleshooting Certificate Issues
- Troubleshooting Access Manager Policies
- Troubleshooting MobileAccess
- Troubleshooting Code Promotion
- Troubleshooting the Device Fingerprint Rule
- Troubleshooting Advanced Session Assurance
- Troubleshooting XML Validation Errors on Access Gateway Appliance
- Troubleshooting OAuth and OpenID Connect
- Troubleshooting User Attribute Retrieval and Transformation
- Troubleshooting Impersonation
- Troubleshooting Branding
- Using Log Files for Troubleshooting
- Access Manager Audit Events and Data
- Event Codes
- Appendix
- Data Model Extension XML
- Elements
- Writing Data Model Extension XML
- SOAP versus REST API
- OAuth versus Other Protocols
- Access Manager Reports Samples
- Application Access Summary Report
- User Application Access Summary Report
- Application Specific User Access Report
- Federation Summary Report
- User Login Contract Summary Report
- User Login Failure Report
- Application Specific Risk based Authentication Report
- Legal Notice