When configuring the identity applications, this tab defines the values for managing single sign-on access to the applications.
By default, the tab displays the basic options. To see all settings, click Show Advanced Options. This tab includes the following groups of settings:
For more information about configuring single sign-on access, see Section XIII, Configuring Single Sign-on Access in Identity Manager.
This section defines the values for the URL that users need to access the landing page for the identity applications. Usually, this URL directs users to Identity Manager Home.
Figure 35-1 Landing
Required
Specifies the name that you want to use to identify the single sign-on client for Identity Manager Home to the authentication server. The default value is ualanding.
Required
Specifies the password for the single sign-on client for Identity Manager Home.
Required
Specifies the relative URL to use to access the Provisioning Dashboard from Identity Manager Home. The default value is /dash.
Required
Specifies the absolute URL to which the authentication server redirects a browser client when authentication is complete.
Use the following format: protocol://server:port/path. For example, http://10.10.10.48:8180/landing/com.netiq.test.
This section defines the values for the URL that users need to access the landing page for the identity applications. Usually, this URL directs users to Identity Manager Home.
Figure 35-2 Dashboard
Required
Specifies the name that you want to use to identify the single sign-on client for Identity Manager Provisioning Dashboard to the authentication server. The default value is uadash.
Required
Specifies the password for the single sign-on client for Identity Manager Provisioning Dashboard.
Required
Specifies the absolute URL to which the authentication server redirects a browser client when authentication is complete.
Use the following format: protocol://server:port/path. For example, http://10.10.10.48:8180/dash/com.netiq.test.
Required
Specifies the value that the Roles Based Provisioning Module uses to identify a user’s email attribute in the user information REST API results.
The value must match the Entities configured using Designer. The default value is Email.
Required
Specifies the value that the Roles Based Provisioning Module uses to identify a user’s phone number attribute in the user information REST API results.
The value must match the Entities configured using Designer. The default value is TelephoneNumber.
Required
Specifies the value that the Roles Based Provisioning Module uses to identify a user’s mobile phone number attribute in the user information REST API results.
The value must match the Entities configured using Designer. The default value is MobileNumber.
Required
Specifies the value that the Roles Based Provisioning Module uses to identify a user’s first name attribute in the user information REST API results.
The value must match the Entities configured using Designer. The default value is FirstName.
Required
Specifies the value that the Roles Based Provisioning Module uses to identify a user’s location attribute in the user information REST API results.
The value must match the Entities configured using Designer. The default value is Location.
Required
Specifies the value that the Roles Based Provisioning Module uses to identify a user’s department attribute in the user information REST API results.
The value must match the Entities configured using Designer. The default value is Department.
Required
Specifies the value that the Roles Based Provisioning Module uses to identify a user’s last name attribute in the user information REST API results.
The value must match the Entities configured using Designer. The default value is LastName.
Required
Specifies the value that the Roles Based Provisioning Module uses to identify a user’s job title attribute in the user information REST API results.
The value must match the Entities configured using Designer. The default value is Title.
This section defines the values for the URL that users need to access the User Application.
Figure 35-3 RBPM
Required
Specifies the name that you want to use to identify the single sign-on client for the User Application to the authentication server. The default value is rbpm.
Required
Specifies the password for the single sign-on client for the User Application.
Required
Specifies the relative URL to use to access Identity Manager Home from the User Application. The default value is /landing.
Required
Specifies the absolute URL to which the authentication server redirects a browser client when authentication is complete.
Use the following format: protocol://server:port/path. For example, http://10.10.10.48:8180/IDMProv/oauth.
This option is initially set to Auto. Once the certificate is created in the Security container, this option is set to No Change by default.
IMPORTANT: NetIQ recommends changing the default option to Auto only when the RBPMTrustedRootcertificate expires. Do not change the default option frequently.
Applies when you select Manual PKCS8.
Specifies the public key certificate that you want to use for SAML authentication.
Applies when you select Manual PKCS8 or Manual PKCS12.
Specifies the file that contains the signing key that RBPM uses for SAML authentication.
Applies when you select Manual PKCS8 or Manual PKCS12.
Specifies the password that protects the file containing the signing key that RBPM uses for SAML authentication.
Applies when you select Manual PKCS12.
Specifies the alias of the signing key in the keystore.
IMPORTANT: The NMAS certificate is automatically created if you change the value of the RBPM to eDirectory SAML configuration setting to Auto.
This section defines the values for the URL that users need to access Identity Reporting. The utility displays these values only if you add Identity Reporting to your Identity Manager solution.
Figure 35-4 Reporting
Required
Specifies the name that you want to use to identify the single sign-on client for Identity Reporting to the authentication server. The default value is rpt.
Required
Specifies the password for the single sign-on client for Identity Reporting.
Required
Specifies the relative URL to use to access Identity Manager Home from Identity Reporting. The default value is /landing.
If you installed Identity Reporting and the identity applications on separate servers, then specify an absolute URL. Use the following format: protocol://server:port/path.
Required
Specifies the absolute URL to which the authentication server redirects a browser client when authentication is complete.
Use the following format: protocol://server:port/path. For example, http://10.10.10.48:8180/idmrpt/oauth.
This section defines the values for managing the Data Collection Services driver. For more information about the driver, see Section 40.0, Managing the Drivers for Reporting.
Figure 35-5 DCS
Specifies the name that you want to use to identify the single sign-on client for the Data Collection Service driver to the authentication server. The default value for this parameter is dcsdrv.
Specifies the password for the single sign-on client for the Data Collection Service driver.
This section defines the values for the URL that users need to access Catalog Administrator.
Figure 35-6 Catalog Administrator
Required
Specifies the name that you want to use to identify the single sign-on client for Catalog Administrator to the authentication server. The default value is rra.
Required
Specifies the password for the single sign-on client for Catalog Administrator.
Required
Specifies the relative URL to use to access Identity Manager Home from Catalog Administrator. The default value is /landing.
Required
Specifies the absolute URL to which the authentication server redirects a browser client when authentication is complete.
Use the following format: protocol://server:port/path. For example, http://10.10.10.48:8180/rra/com.netiq.test.
This section defines the values for the identity applications to communicate with SSPR.
Figure 35-7 SSPR
Required
Specifies the name that you want to use to identify the single sign-on client for SSPR to the authentication server. The default value is sspr.
Required
Specifies the password for the single sign-on client for SSPR.
Required
Specifies the absolute URL to which the client will redirect when actions such as password changes or challenge questions have been completed in SSPR. For example, forward to the Identity Manager home page.
Use the following format: protocol://server:port/path. For example, http://10.10.10.48:8180/sspr/public/oauth.
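Each client section above asks for an absolute redirect URL in the form protocol://server:port/path. The following added example (not part of the product or its documentation) checks a set of redirect URL values against that format and also reports values that use plain http, because the browser redirect that completes authentication then travels unencrypted. The client IDs are the defaults named on this page; the dictionary layout, the function names and the idm.example.com host are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Constructed sample values. Keys are the default client IDs from this page;
# the dict layout and the idm.example.com host are hypothetical.
SAMPLE_CLIENTS = {
    "ualanding": "http://10.10.10.48:8180/landing/com.netiq.test",
    "uadash": "https://idm.example.com:8543/dash/com.netiq.test",
    "rbpm": "/IDMProv/oauth",                       # relative value
    "rpt": "https://idm.example.com/idmrpt/oauth",  # port omitted
}

NOT_ABSOLUTE = "not absolute: expected protocol://server:port/path"
NO_PORT = "no explicit port (page format is protocol://server:port/path)"
PLAIN_HTTP = "plain http: redirect after authentication is not TLS-protected"


def check_redirect_url(url):
    """Return a list of findings for one redirect URL value (empty if clean)."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.hostname:
        return [NOT_ABSOLUTE]
    findings = []
    if parts.scheme not in ("http", "https"):
        findings.append(f"unexpected protocol {parts.scheme!r}")
    try:
        if parts.port is None:
            findings.append(NO_PORT)
    except ValueError:
        # urlsplit raises on access when the port is non-numeric or out of range
        findings.append("port is not a valid number")
    if parts.path in ("", "/"):
        findings.append("missing path")
    if parts.scheme == "http":
        findings.append(PLAIN_HTTP)
    return findings


def audit_clients(clients):
    """Map each client ID to its findings, omitting clients with none."""
    report = {cid: check_redirect_url(url) for cid, url in clients.items()}
    return {cid: found for cid, found in report.items() if found}


if __name__ == "__main__":
    for cid, found in audit_clients(SAMPLE_CLIENTS).items():
        print(f"{cid}: {'; '.join(found)}")
```
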