Defining a custom domain for policy attachments

The administrator can specify a custom domain to separate metadata in a registry. For example, your company might possess metadata that belongs to several companies, and it is a security demand the data does not overlap.

The policy attachment credential automatically selects the default management domain in all supported versions of IBM Tivoli Access Manager when you integrate it with the IBM Security Verify Access local management interface. We must choose one domain to use for policy attachments.

Steps

  1. Log in to the local management interface.

  2. Specify the Tivoli Access Manager administrator credentials when we create a new reverse proxy instance:

    1. Select Web > Manage > Reverse Proxy> Add New.

    2. Select the IBM Security Verify Access tab.

    3. Specify the following administrator credentials. These credentials must be the same as the ones that we use to attach a policy to a domain other than the default.

      • Administrator Name
      • Administrator Password
      • Domain

    We can choose to specify a custom secure domain in the IBM Security Verify Access tab. However, if we choose not to specify a domain, the domain field defers to the default.

  3. Select AAC >Policy> Access Control > Resources.

  4. Click Add attribute.

  5. Enter the information that you specified in 2.c at Policy Server Login.


What to do next

We can reset the credentials that you just defined with the setCredential parameter under the following conditions:

Before you reset the setCredential parameter, remove all current resources and their corresponding policy attachments. For information about this command, go to the REST API documentation and select Policy Attachments > Resources > Authenticate with ISAM.

Parent topic: Advanced Access Control configuration