When using Designer for Identity Manager, observe best practices.
Before giving a consultant an Identity Vault administrator password, limit the rights assigned to that administrator to areas of the tree that the consultant must access. Doing so protects sensitive data from being misused, damaged, or unintentionally compromised.
After a consultant has completed work, change the password of the user (for example, admin) that the consultant used. If you created a special user (for example, consadmin) for that consultant to use, delete that user or change passwords. Doing so restricts access and brings closure to the consulting process.
Delete the project files (.proj) or save them to a company directory.
Designer .proj files are to remain at the company’s project site. A consultant does not take the files after completing a project.
After project files, log files, and trace files are no longer needed, delete them. These files might contain sensitive information.
Before discarding or surplusing a laptop, verify that project files have been cleaned. Otherwise, someone might discover sensitive information.
Ensure that the connection from Designer to the Identity Vault server is physically secure. Otherwise, someone could monitor the wire and pull sensitive information.
When you create documents by using the Document Generator, take care with those documents. These documents can contain passwords and sensitive data in clear text.
If Designer needs to read or write to an eDirectory™ attribute, you can mark the attribute to be encrypted and allow the attribute to be read over the wire in clear text. This means that you can have encrypted attributes, but they cannot be retrieved securely.
Do not store passwords that are sensitive.
At this time, Designer projects are not encrypted. Passwords are only encoded.Therefore, do not share Designer projects that have saved passwords.
To save a password for a session, but not save it to the project:
In an expanded Outline view, right-click an Identity Vault.
On the Configuration page, type a password, then click.
You can enter a password once per session. After you close Designer, the password is lost.
To save a password to the project, complete Step 1 through Step 3, select, then click .
For information on security issues relating to the User Application, see the “Security Configuration” section in the Identity Manager User Application: Administration Guide.