Managing Enterprise Identity Mapping domains

 

This information explains how to manage your Enterprise Identity Mapping (EIM) domains and EIM domain properties.

You can use iSeries™ Navigator to manage all of your EIM domains. To manage any EIM domain, the domain must be listed in, or add it to, the Domain Management folder under the Network folder in iSeries Navigator. When you use the EIM Configuration wizard to create and configure a new EIM domain, the domain is added to the Domain Management folder automatically so that you can manage the domain and information in the domain.

You can use any System i™ connection to manage an EIM domain that resides anywhere in the same network, even when the system that you are using is not a participant in the domain.

You can perform the following management tasks for a domain:

• Adding an EIM domain to the Domain Management folder
  To add an EIM domain to the Domain Management folder, have *SECADM special authority and the domain that you want to add must exist prior to adding it to the Domain Management folder.

• Connecting to an EIM domain
  Before you can work with an Enterprise Identity Mapping (EIM) domain, first connect to the EIM domain controller for the domain. You may connect to an EIM domain even if your System i model is not currently configured to participate in this domain.

• Enabling policy associations for a domain
  A policy association provides a means of creating many-to-one mappings in situations where associations between user identities and an Enterprise Identity Mapping (EIM) identifier do not exist.

• Testing EIM mappings
  Enterprise Identity Mapping (EIM) mapping testing allows you to issue EIM mapping lookup operations against your EIM configuration. You can use the test to verify that a specific source user identity maps correctly to the appropriate target user identity. Testing ensures that EIM mapping lookup operations can return the correct target user identity based on the specified information.

• Removing an EIM domain from the Domain Management folder
  You can remove an EIM domain that you no longer want to manage from the Domain Management folder. However, removing the domain from the Domain Management folder is not the same as deleting the domain and it does not delete the domain data from the domain controller.

• Deleting an EIM domain and all configuration objects
  Before you can delete an EIM domain, delete all registry definitions and all Enterprise Identity Mapping (EIM) identifiers in the domain. If you do not want to delete the domain and all domain data, but no longer want to manage the domain, you can remove the domain instead.

 

Parent topic:

Managing Enterprise Identity Mapping