Identity Governance allows you to define the values it uses for authentication matching and the values for the services it runs. You define the values in the Identity Governance Configuration utility.
From a command prompt launch the Identity Governance Configuration utility with the database password. For more information, see Section 14.1.3, Using the Identity Governance Configuration Utility.
Click the Security Settings tab.
Use the following information to define the values for authentication matching.
Specifies how Identity Governance authenticates login requests and grants the appropriate permissions to users. Enter one or more rules that Identity Governance uses to compare attributes in the SUSER table, such as dn, with attributes retrieved from the authentication service. Specify the matching rules using properties named iac.auth.matching.rule.N.attrs where N specifies the order that Identity Governance uses the rule to match users, such as 1, 2, 3, and so on.
Keep in mind the following points:
For best results, add an index for the matching rule attributes.
Identity Governance evaluates only collected attribute values for the matching rules, not edited values.
When an attribute value is a string, Identity Governance performs an exact case match by default.
IMPORTANT:Set all matching rule attributes with the following list and search options in the Identity Governance User (identity) schema:
Display in lists and detail views
Available in catalog searches. Changes take effect after publication.
For more information, see Extending the Identity Governance Schema
in Identity Governance 3.6 User and Administration Guide.
Specifies the mapping of SUSER attributes to OSP attributes using a comma-separated list of attribute name pairs. Use the format SUSER attribute:OSP attribute. For example, dn:name,lastName:last_name,firstName:first_name,emails:email maps the SUSER attributes of dn, lastName, firstName, and emails to the OSP attributes of name, last_name, first_name, and email.
Defines the values for the Identity Governance SSO client. You must define the values of the SSO client service for the following items:
Specifies the name that you want to use to identify the Identity Governance SSO client ID. The default value is iac.
Specifies the password for the Identity Governance SSO client ID.
Defines what the general service uses for a response. The default response type is password.
Defines the values for the Identity Governance general service. You must define the values of the general service for the following items:
Specifies the name that you want to use to identify the Identity Governance general service. The default value is iac-service.
Specifies the password for the Identity Governance general service ID.
Defines what the general service uses for a response. The default response type is client_credentials.
Define the values for the data collection service. You must define the values of the data collection service for the following items:
Specifies the name that you want to use to identify the data collection service. The default value is iac-daas.
Specifies the password for the data collection service.
Defines what the data collection service uses for a response. The default response type is client_credentials.
Define the values for the workflow server. You must define the values of the workflow service for the following items:
Specifies the name that you want to use to identify the workflow service. The default value is wf.
Specifies the password for the worflow service.
Defines what the workflow service uses for a response. The default response type is client_credentials.
Define the values for the data transformation service. You must define the values of the data transformation service for the following items:
Specifies the name that you want to use to identify the data transformation service. The default value is iac-dtp.
Specifies the password for the data transformation service.
Defines what the data transformation service uses for a response. The default response type is client_credentials.
Specifies that you want to use test IDs to run utilities that interact with Identity Governance without creating client IDs for each utility.
Click Save to save the changes.