Configuring Enterprise Identity Mapping

 

Use this information to learn how to use the Enterprise Identity Mapping (EIM) Configuration wizard to configure EIM for yourSystem i™ platform.

The EIM Configuration wizard allows you to complete a basic EIM configuration for your system quickly and easily. The wizard provides you with three EIM system configuration options. How you use the wizard to configure EIM on a specific system depends on your overall plan for using EIM in your enterprise and your EIM configuration needs. For example, many administrators want to use EIM in conjunction with network authentication service to create a single signon environment across multiple systems and platforms without a need to change underlying security policies. Consequently, the EIM Configuration wizard allows you to configure network authentication service as part of your EIM configuration. However, configuring and using network authentication service is not a prerequisite or requirement for configuring and using EIM.

Before you begin the process of configuring EIM for one or more systems, plan your EIM implementation to gather the information you need. For example, make decisions about the following:

• Which System i model do you want to configure as the EIM domain controller for the EIM domain? Use the EIM Configuration wizard to create a new domain on this system first, then use the wizard to configure all additional systems to join this domain.

• Do you want to configure network authentication service on each system that you configure for EIM? If so, you can use the EIM Configuration wizard to create a basic network authentication service configuration on each System i model. However, perform other tasks to complete your network authentication service configuration.

After you use the EIM Configuration wizard to create a basic configuration for each System i model, there are still a number of EIM configuration tasks that perform before you have a complete EIM configuration. See Scenario: Enable single signon for an example that shows how a fictitious company configured a single signon environment using network authentication service and EIM.

To configure EIM, have all of the following special authorities:

• Security administrator (*SECADM).

• All object (*ALLOBJ).

• System configuration (*IOSYSCFG).

Before you use the EIM Configuration wizard, you should have completed all Planning for Enterprise Identity Mapping steps to determine exactly how you will use EIM. If you are configuring EIM as part of creating a single signon environment, then you should complete all single signon planning steps as well.

To access the EIM Configuration wizard, follow these steps:

1. Start iSeries™ Navigator.

2. Sign on to the system you want to configure for EIM. If you are configuring EIM for more than one system, begin with the one on which you want to configure the domain controller for EIM.

3. Expand Network > Enterprise Identity Mapping.

4. Right-click Configuration and select Configure to launch the EIM Configuration wizard.

5. Select an EIM configuration option and follow the instructions that the wizard provides to complete the wizard.

6. Click Help, if necessary, to determine what information to specify as you proceed through the wizard.

Once your planning is complete, you can use the EIM Configuration wizard to create one of three basic EIM configurations. You can use the wizard to join an existing domain or to create and join a new domain. When you use the EIM Configuration wizard to create and join a new domain, you can choose whether to configure an EIM domain controller on a local or a remote system. The following information provides instructions for configuring EIM based on which type of basic EIM configuration you need:

• Creating and joining a new local domain
  This information explains how to create a new Enterprise Identity Mapping (EIM) domain for your enterprise and to configure the local directory server to be the EIM domain controller for the new domain.

• Creating and joining a new remote domain
  This information explains how to create a new Enterprise Identity Mapping (EIM) domain for your enterprise and to configure a remote directory server to be the EIM domain controller for the new domain.

• Joining an existing domain
  This information explains how you can use the Enterprise Identity Mapping (EIM) Configuration wizard on one System i model to configure a domain controller and create an EIM domain, then use the wizard to configure other systems to participate in the domain.

• Configuring a secure connection to the EIM domain controller
  This information explains how to setup a secure connection to a domain controller with SSL or TLS.

 

Parent topic:

Enterprise Identity Mapping (EIM)