• Browse
  • Pages
  • News
  • Labels
  • Attachments
  • Bookmarks
  • Advanced
• Log In
• Sign Up
• Help
  • Help Wiki
  • Contact Wiki Admin
• Report an Issue
  • Report a Wiki Space Issue
  • Report a Site Wide Issue

1. Wikis Home
2. Identity Suite Essentials
3. …
4. Identity Suite Essentials Home
5. ISE Identity Manager Tutorials
6. ISE Identity Manager Delegated Admin

• Log In

ISE Identity Manager Delegated Admin

• Attachments:14
• Added by ScottFehrman, last edited by ScottFehrman on Jan 13, 2009  (view change)

Comment:

This tutorial is part of the Identity Manager track within the Identity Suite Essentials program.

---

• Description
• Learning Objectives
• Prerequisites
• Setup
• Section 1: Create Security Organization
• Section 2: Create Help Desk Admin
• Section 3: Create Security Admin
• Demonstration
• Section 1: Help Desk Password Management
• Section 2: Security Admin User Management
• Resources

---

Description

This tutorial covers basic delegated administration features of Identity Manager. A helpdesk user is create that has the Capability to do password management for user. An administrator is created that can only manage a specific Organization.

Top

---

Learning Objectives

After completing this tutorial, the following topics should be understood.

1. Creating Organizations
2. Assigning Capabilities to users
3. Scoping users to specific Organizations

Top

---

Prerequisites

The following items must be completed before starting this tutorial.

• Complete the Identity Manager Configuration Tutorial

Top

---

Setup

The following steps need to performed to enable the demonstration.

Section 1: Create Security Organization

Create a new Organization so that we can have a Delegated Admin be responsible for it. 

Note:  This organization will already exist if you completed module 2. Access the Admin Interface http://localhost:8080/idm and log in as: configurator / configurator Select the Accounts tab Select the List Accounts sub-tab Click on the -- New Actions -- Drop Down List Select New Organization
In the Name Text Field, enter System Accounts Click the Save Button
Notice that the System Accounts Organization (Folder) is available.

Section 2: Create Help Desk Admin

The user created in this section will have the ability to Change and Reset passwords for user throughout the organization.

Access the Admin Interface http://localhost:8080/idm and log in as: configurator / configurator Select the Accounts tab Select the List Accounts sub-tab Click on the -- New Actions -- Drop Down List Select New User
Fill out the user attributes: Account ID: helpdesk1 First Name: Help Last Name: Desk1 Email: help.desk@example.com Organization:  Top:System Accounts Password/Confirm: Passw0rd Select the Security Tab
In the Capabilities Multi Select, Assign the following: Password Administrator For the Controlled Organizations, Assign Top Click the Save Button (bottom of the page) Click OK on the following summary page

Section 3: Create Security Admin

The user created in this section will have full admin capabilities but only for the Security Organization.

Access the Admin Interface http://localhost:8080/idm and log in as: configurator / configurator Select the Accounts tab Select the List Accounts sub-tab Click on the -- New Actions -- Drop Down List Select New User
Fill out the user attributes: Account ID: secadmin1 First Name: Security Last Name: Admin1 Email: security@example.com Organization:  System Accounts Password/Confirm: Passw0rd Select the Security Tab
In the Capabilities Multi Select, Assign the following: Account Administrator For the Controlled Organizations, Assign Top:System Accounts Click the Save Button (bottom of the page) Click OK on the following summary page

Top

---

Demonstration

After completing the setup above, the following steps should be performed to complete this tutorial.

Section 1: Help Desk Password Management

Access the Admin Interface http://localhost:8080/idm and log in as: helpdesk1 / Passw0rd Select the Accounts tab Select the List Accounts sub-tab Things to notice ... 1: There are less Admin Tab options (compared to Configurator) 2: There are NO New Actions items 3: Existing Users are NOT click-able links Check the Box in front of the jwayne user From the -- User Actions -- Drop Down List Select the Change Password item
Change the Password Text Field to Password Change the Confirm Password Text Field to Password Make sure that the Check Boxes are SELECTED for: Change Identity system user and all resource accounts Account ID for Identity Manager Account ID for Timecard Click the Change Password Button
Notice the Results: Password Change in Identity Manager Password Changed in Timecard Click the OK Button

Section 2: Security Admin User Management

Access the Admin Interface http://localhost:8080/idm and log in as: secadmin1 / Passw0rd Select the Accounts tab Select the List Accounts sub-tab Things to notice ... There are less Admin Tab options (compared to Configurator) The New Actions Drop Down ONLY has New User This user can only see and control the Security Organization From the -- New Actions -- Drop Down select the New User item
Fill out the user attributes: Account ID: user1 First Name: Security Last Name: Usesr1 Email: user1@example.com Password/Confirm: Passw0rd Notice that the Organization Drop Down List can ONLY be Top:Security Click the Save Button Click OK on the following summary page
The user1 account has been created in the Top:Security Organization and can be managed by the secadmin1 delegated administrator.

Top

---

Resources

The following links provide more information:

• Sun Identity Manager:
  • Product Page
  • Documentation

---

Copyright (c) 2008-2009, Sun Microsystems, Inc.
All rights reserved

Labels parameters

Labels

Enter labels to add to this page:

 

Looking for a label? Just start typing.

Sign up or Log in to add a comment or watch this page.