IBM Security Verify

  • 1.  ISVA service in IM when ISVA uses AD as federated directory

    Posted Fri May 24, 2024 03:48 PM

    Hi,

    I would like to manage ISVA accounts with Identity Manager. 

    The ISVA environment has a federated directory, which is MS AD, and its secAuthority=Default resides on an external IBM SDS V6.4.

    On the other side, there is an ISIM, with an ISVA service configured.

    I would like to import users from the federated directory (import only), but I do not "see" them at all: when I reconcile the service in ISIM, I see only accounts that are local to ISVA, even though there are accounts already imported/enabled from the federated AD.

    I am unable to import them through the ISIM service, and I cannot reconcile them from the ISVA directory even though they exist below secAuthority=Default.

    It must be I am doing something wrong.

    When looking into the release notes of the ISVA adapter for ISVG/ISVGIM, I can see there are "closed issues" in previous releases of the adapter (I am using the latest adapter version, 10.0.6) specifically for cases when there is a federated AD, but unfortunately these APARs or cases or bugs are not available publicly.

    Does anybody have similar experience?

    Is there any specific documentation for configuration of the ISVA adapter / SDI dispatcher when there is a federated directory (MS AD) in place in the ISVA configuration?

    Thanks,

    Mita



    ------------------------------
    Mita Mitic
    ------------------------------


  • 2.  RE: ISVA service in IM when ISVA uses AD as federated directory

    Posted Mon May 27, 2024 02:33 AM

    I suggest that you raise a case to get an explanation of how this should work. It would probably be a good idea to have this documented in all cases either as a technote or even better in the formal adapter documentation.

    HTH 



    ------------------------------
    Franz Wolfhagen
    WW IAM Solution Engineer - Certified Consulting IT Specialist
    IBM Security Expert Labs
    ------------------------------



  • 3.  RE: ISVA service in IM when ISVA uses AD as federated directory

    Posted Mon May 27, 2024 03:07 AM

    Hi Franz,

    Thank you for the answer.

    I will go with a support case.

    Thanks,

    Mita



    ------------------------------
    Mita Mitic
    ------------------------------



  • 4.  RE: ISVA service in IM when ISVA uses AD as federated directory

    Posted Sat June 01, 2024 05:41 AM

    Well, I've found it is quite supported and easy to set up; it is just not (clearly) documented.

    There is a video presentation at https://learn.ibm.com/course/view.php?id=15016 where one may find everything needed for this scenario.

    Some options may be found in the documentation:

    https://www.ibm.com/docs/en/sva/10.0.7?topic=configuration-options

    Basically, once you've set up your integration, using either SvrSslCfg or com.tivoli.pd.rgy.util.RgyConfig, you have a configuration file which you may then top up with info about the federated directory, using several additional com.tivoli.pd.rgy.util.RgyConfig configuration commands.

    Hope this helps someone else.

    Mita 



    ------------------------------
    Mita Mitic
    ------------------------------



  • 5.  RE: ISVA service in IM when ISVA uses AD as federated directory

    Posted Mon June 03, 2024 01:56 AM

    Thanks for providing the solution :-) 



    ------------------------------
    Franz Wolfhagen
    WW IAM Solution Engineer - Certified Consulting IT Specialist
    IBM Security Expert Labs
    ------------------------------