Before you can create Entitlement policies, you need an Entitlements Service Driver object. You must create one for each driver set.
If you don’t have an object, you are prompted to create one when you click the Role-Based Entitlements role and task.
Find out whether you already have an Entitlements Service driver.
In iManager, click, then select the driver set.
If the No Entitlements Service Driver page appears, continue with Step 2 to create an Entitlements Service Driver object.
If a Role-Based Entitlements page appears with a list of Entitlement Policies, you already have an Entitlements Service Driver object. You don’t need to complete this procedure. Continue with Section 6.7, Creating Entitlement Policies.
In the No Entitlements Service Driver page, click.
The Create Driver Wizard opens.
You can also click.
In the Create Driver Wizard page, Select, then click .
In thedrop-down list, select .
Name the Entitlements Service Driver object (or accept the default name), then click.
The correct driver configuration file is chosen automatically. Just specify a name for the driver object or use the default.
We recommend that you define security equivalences and exclude administrative roles. Add user Admin to both of these selections, then click.
Review the summary, then click.
The driver shim for the Entitlements Driver is installed by default when you install Identity Manager. The Entitlements Driver configuration file is installed by default when you install the Identity Manager plug-ins on your iManager server.
After completing the Wizard, you can access the plug-ins for Entitlements and begin creating Role-Based Entitlement Policies for this driver set.
IMPORTANT:If the driver set that hosts the Entitlement Services driver is assigned to more than one server, the Entitlement Services driver must be enabled on only one of those servers at a time. No other configuration is supported.
Although you can add more than one server to the driver set containing the Entitlement Services driver in iManager, the Role-Based Entitlements plug-in in iManager checks to see if the driver set is assigned to multiple servers and displays a configuration error message if it is. Even though other methods (LDAP calls, etc.) won’t give you such configuration error messages, the only supported configuration is to associate the Entitlements Services driver to one server.