The solution is implemented by enabling Credential Provisioning policies that create and enable the user’s Single Sign-On accounts. A user can have one or more accounts, depending upon how many drivers and applications you have configured to use Single Sign-On.
The Resource Kit contains the policies and resource objects required for the solution to work. The additional products required for this solution must be installed and configured for the solution to work.
Install and configure SecureLogin. For more information, see the Novell SecureLogin 6.1 Installation Guide.
(Optional) Install and configure Novell® SecretStore®. For more information, see the Novell SecretStore 3.4 Installation Guide.
Choose one of the following methods to enable the Credential Provisioning policies:
Enable the Credential Provisioning policies globally by specifying the Credential Provisioning GCV on the driver set:
In the Designer project, right-click the driver set.
Select , then use the information in Table 2-1 to configure the settings under .
Click to save the changes.
Enable the Credential Provisioning policies for each connected system:
In the Designer project, right-click the connected system driver (Active Directory* or Lotus Notes* icon or the driver line in the Modeler), then click .
Select , then use the information in Table 2-1 to configure the settings under .
Click to save the changes.
Repeat Step 5.a through Step 5.c for each application driver.
(Conditional) If the SecretStore or SecureLogin servers are on a separate machine from the Resource Kit image, you must change the server information on the repository objects:
In Designer, click the tab, then expand the library object.
Right-click the lib-CredProv-NSSRepository object, then select .
Change the server-specific information, then click to save the changes.
Right-click the lib-CredProv-NSLRepository object, then select .
Change the server-specific information, then click to save the changes.
Click in the toolbar to save the Designer project.
Deploy the changed project to the Identity Vault. For more information, see Deploying a Project to an Identity Vault in the Designer 3.5 for Identity Manager 3.6 Administration Guide.
Table 2-1 Credential Provisioning GCV options
Option | Value |
---|---|
Enable Credential Provisioning Policies | Set this option to true. By default it is set to false. |
On user creation | If this is set to true, credentials are provisioned when a user is created. By default, it is set to true. |
On user enable/disable | If this is set to true, credentials are provisioned when user accounts are enabled and credentials are de-provisioned from user accounts that are disabled. To enhance security, new credentials are provisioned every time an enable/disable cycle completes. |
On password changes | If this is set to true, the credentials are re-provisioned on every password change. |
Application Credential ID | Specify the ID that SecureLogin uses to identify the provisioned login. This login is linked with an application on the SecureLogin client. |
Application User ID Attribute | Specify the attribute name used to retrieve the application user ID. This is an attribute in the application’s namespace. |
Provision to Novell SecretStore | Set this to true if the SecretStore is used by the credential provisioning policies. Set it to false if a SecretStore is not used by the credential provisioning policies. By default, it is set to false. |
Provision to Novell SecretStore > SecretStore Shared Secret Type | If the credential is provisioned to SecretStore, select the SecretStore Shared Secret Type to be used. It is either Credential Set or Application Set. |
Provision to Novell SecretStore > Use Enhanced Protection Password | Select true if the SecretStore Enhanced Protection Password is to be used. If true is selected, then the named password secretstore-enhanced-protection-password must be properly set. The named password is stored on the driver object. By default, it is set to false. |
Provision to Novell SecureLogin Repository | Select true if a SecureLogin repository is used by the Credential Provisioning policies. Select false if a SecureLogin repository is not to be used by the Credential Provisioning policies. By default, it is set to true. |
Provision to Novell SecureLogin Repository > Set Novell SecureLogin Passphrase | Select true to set a passphrase question and answer for SecureLogin. Select false if a passphrase question and answer should not be set by the Credential Provisioning policies. |
Provision to Novell SecureLogin Repository > SecureLogin Passphrase Question | Specify the passphrase question that is set for each user. |
Provision to Novell SecureLogin Repository > SecureLogin Passphrase Answer Value Attribute | Specify the attribute name that contains the value of the passphrase answer. |
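
Several options in Table 2-1 depend on one another, and those dependencies can be checked before the project is deployed. The following is an added example, not part of the Resource Kit or the Novell documentation; the dictionary keyed by the table's option labels, the function name check_gcvs, and all sample values are assumptions made for illustration.

```python
# Added example: keys are the option labels from Table 2-1. The dict layout,
# check_gcvs() and all sample values are constructed for illustration and are
# not Designer's own export format.
SS = "Provision to Novell SecretStore"
SL = "Provision to Novell SecureLogin Repository"
EPP = "secretstore-enhanced-protection-password"  # named password from Table 2-1

def check_gcvs(gcv, named_passwords=()):
    """Return a list of problems in one driver's Credential Provisioning settings."""
    if not gcv.get("Enable Credential Provisioning Policies", False):  # default false
        return ["policies are not enabled"]
    problems = []
    for key in ("Application Credential ID", "Application User ID Attribute"):
        if not gcv.get(key):
            problems.append(f"'{key}' is empty")
    if gcv.get("On user enable/disable") is False:  # only flag an explicit false
        problems.append("credentials are not de-provisioned when a user is disabled")
    use_ss = gcv.get(SS, False)  # default false
    use_sl = gcv.get(SL, True)   # default true
    if not (use_ss or use_sl):
        problems.append("neither SecretStore nor SecureLogin is selected")
    if use_ss:
        if gcv.get(f"{SS} > SecretStore Shared Secret Type") not in ("Credential Set", "Application Set"):
            problems.append("Shared Secret Type must be Credential Set or Application Set")
        if gcv.get(f"{SS} > Use Enhanced Protection Password", False) and EPP not in named_passwords:
            problems.append(f"named password {EPP} is not set on the driver")
    if use_sl and gcv.get(f"{SL} > Set Novell SecureLogin Passphrase", False):
        for key in ("SecureLogin Passphrase Question", "SecureLogin Passphrase Answer Value Attribute"):
            if not gcv.get(f"{SL} > {key}"):
                problems.append(f"'{key}' is empty but a passphrase is to be set")
    return problems

# Constructed sample: one driver's settings containing three mistakes.
SAMPLE = {
    "Enable Credential Provisioning Policies": True,
    "Application Credential ID": "example-app-login",
    "Application User ID Attribute": "exampleUserId",
    "On user enable/disable": False,
    SS: True,
    f"{SS} > SecretStore Shared Secret Type": "Credential Set",
    f"{SS} > Use Enhanced Protection Password": True,
    f"{SL} > Set Novell SecureLogin Passphrase": True,
    f"{SL} > SecureLogin Passphrase Question": "Constructed question?",
}

if __name__ == "__main__":
    for problem in check_gcvs(SAMPLE):
        print("WARN:", problem)
```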