New Driver Configuration and Identity Manager Password Synchronization

If you have not used Password Synchronization 1.0 in your environment, and you are creating a new driver or replacing an existing configuration with a new Identity Manager configuration, use the following instructions to set up the new Identity Manager Password Synchronization functionality.

  1. Make sure your environment is ready to use Universal Password. See Preparing to Use Identity Manager Password Synchronization and Universal Password.

  2. Create a new driver, or replace an existing driver's configuration with the Identity Manager 2 configuration.

    The Identity Manager configurations contain the policies and other items necessary for Identity Manager Password Synchronization. See the individual DirXML Driver Guides for information on importing the new sample driver configurations.

  3. Turn on Universal Password for users by creating Password Policies with Universal Password enabled.

    See Creating Password Policies. If you previously used Universal Password with NetWare 6.5, note that there are some extra steps described in (NetWare 6.5 only) Re-Creating Universal Password Assignments.

    We recommend that you assign Password Policies as high up in the tree as possible.

    In the Password Policy, Universal Password > Configuration Options, there are options for how you want NMAS to keep the different kinds of passwords synchronized.

    For examples of scenarios for using Password Synchronization, and how Password Policies fit in, see Implementing Password Synchronization. See also the online help.

  4. (Active Directory, NIS, or NT Domain only) Install new Password Synchronization filters and configure them if you want the connected systems to provide user passwords to Identity Manager:

    For instructions, see the driver implementation guide for each of these drivers, at DirXML Drivers.

  5. Make sure your password flow is set the way you want it for each connected system.

    1. In iManager, click Password Management > Password Synchronization, and search for the drivers for connected systems you want to manage.

    2. View the current settings for password flow. This is a graphical interface for the global configuration values (GCVs). Edit them by clicking the name of a driver.

      You can edit settings for

      • Whether Identity Manager accepts passwords from this system
      • Which password you want Identity Manager to update: Universal Password directly, or Distribution Password directly. Identity Manager controls the entry point, meaning which password Identity Manager updates. NMAS controls the flow of passwords between each different kind of password, based on what you have set in the Password Policy in Universal Password > Configuration Options.
      • Whether the Password Policy for the user is enforced on password changes coming in to Identity Manager
      • Whether the Password Policy for the user is enforced on the connected system by resetting passwords that don't comply
      • Whether passwords are accepted by this connected system
      • Whether e-mail notifications are sent when password synchronization fails

    For more information and screen captures for these options, see Implementing Password Synchronization. See also the online help.

  6. Test password synchronization:

    • Confirm that the Identity Manager password is distributed to the systems you specified
    • Confirm that the connected systems you specified are publishing passwords to Identity Manager.

    For troubleshooting tips, see Implementing Password Synchronization.