1.3 Multiple Administrators, Multiple Sessions

The Administration Console has been designed to warn you when another administrator is making changes to a policy container or to an Access Manager device (such as an Access Gateway, SSL VPN, or J2EE Agent). The person who is currently editing the configuration is listed at the top of the page, along with that person’s distinguished name and IP address and an option to unlock. If you choose to unlock, you destroy all changes the other administrator is currently working on.

WARNING: Currently, locking has not been implemented on the pages for modifying the Identity Server. If you have multiple administrators, they need to coordinate with each other so that only one administrator is modifying an Identity Server cluster at any given time.

Multiple Sessions: You should not start multiple sessions to the Administration Console with the same browser on a workstation. Browser sessions share settings that can result in problems when you apply changes to configuration settings. However, if you are using two different brands of browsers simultaneously, such as Internet Explorer and Firefox, it is possible to avoid the session conflicts.

Multiple Administration Consoles: As long as the primary console is running, all configuration changes should be made at the primary console. If you make changes at both a primary console and a secondary console, browser caching can cause you to create an invalid configuration.

The following sections explain how to create additional administrator accounts, how to delegate rights to administrators and how to manage policy view administrators:

1.3.1 Creating Multiple Admin Accounts

The Administration Console is installed with one admin user account. If you have multiple administrators, you might want to create a user account for each one so that log files reflect the modifications of each administrator. The easiest way to do this is to create a new user as a trustee of the tree root with [Entry Rights] for Supervisor and inheritable rights assignment. This also ensures that you have more than one user who has full access to the Administration Console. If you have only one administrator and something happens to the user who knows the name and password of the admin account, or if the user forgets the password, you cannot access the Administration Console.

To create a new user as a trustee of the tree root:

  1. In the Administration Console, select the Roles and Tasks view in the iManager header.

  2. Click Users > Create User.

    Specify all the required details to create a valid user.

    NOTE: Select the same Context that the existing administrator has.

  3. Click Rights > Modify Trustees, then select the tree root user.

  4. Add the newly created user as a trustee of the tree root user.

  5. Click Assigned Rights and specify [Entry Rights] for Supervisor and inheritable rights assignment.

  6. Click Done.

You can also create delegated administrators and configure them to have rights to specific components of Access Manager. For configuration information for this type of user, see Section 1.5, Managing Delegated Administrators.