Verify Access Platform and Supporting Components administration

The Security Verify Access Platform and Supporting Components are available with the ISAM Platform activation level. The topics in this hierarchy describe how to manage the ISAM servers and resources that support WebSEAL and the web reverse proxy.

• Security Verify Access overview
  Security Verify Access is an authentication and authorization solution for corporate web, client/server, and existing applications. Use Security Verify Access to control user access to protected information and resources. By providing a centralized, flexible, and scalable access control solution, Security Verify Access builds secure and easy-to-manage network-based applications and infrastructure.
• Web Portal Manager
  Security Verify Access has both command-line and graphical interface interfaces for managing domains, users, groups, permissions, policies, and other resources in the enterprise.
• Security Verify Access administration
  Administering Security Verify Access includes tasks such as installing and configuring resource managers, defining users and groups, and implementing security policies.
• Default security policy
  Security Verify Access establishes a default security policy to protect all objects in a domain. A set of administrative users and groups is established and granted a predefined set of permissions. This chapter describes the default security policy.
• Domain management
  An administrator in the management domain can create additional domains. We must specify a unique name and an administrator when we create the domain. Domain administrators can do administrative tasks only within their own domains and do not have the authority to do tasks in other domains.
• Object space management
  Security Verify Access represents resources to be protected with a virtual representation of the object space called the protected object space.
• Manage protected objects
  An object is a logical representation of a system resource. To protect objects, we must apply security policies. Security policies are the combination of access control list (ACL) policies, protected object policies (POPs), and authorization rules that we can attach to an object.
• Manage access control
  A domain administrator can use access control list (ACL) policies to control access to objects.
• Protected object policy management
  The access control list (ACL) policies provide the authorization service with information to make a yes or no answer on a request to access a protected object and do some operation on that object. A protected object policy (POP) contains additional conditions on the request. The conditions are passed back to the resource manager along with the yes ACL policy decision from the authorization service.
• Authorization rules management
  These topics provide information about Security Verify Access authorization rules. Authorization rules are conditions contained in an authorization policy used to make access decisions based on attributes such as user, application, and environment context.
• Manage users and groups
  An initial domain administrator is created when a new domain is created.
• Certificate and password management
  To securely transfer information between servers and clients, we can configure IBM Security Verify Access to use server-side and client-side certificates, key files, and stash files for authentication. During the initial configuration, we can configure the settings for the default lifetime of the certificates and the key file passwords.
• Server management
  This chapter provides detailed information about general administration and configuration tasks on the ISAM servers.
• High availability of the policy server
  This chapter provides information about ensuring that ISAM provides high availability for the policy server in case a server failure occurs.
• Multiple-tenancy policy server
  A multiple-tenancy server is a server that supports the hosting of multiple customers on a single server instead of on multiple client systems.
• Diagnostics and auditing
  ISAM provides ways to collect events that we can use for diagnostic and auditing purposes of the servers.
• Guidelines for changing configuration files
  These guidelines are provided to help you change the ISAM configuration files.
• Configuration file reference
  The way We use configuration files controls the operation of the ISAM servers.
• Configuration file stanza reference
  Within configuration files, stanza labels occur within brackets, such as [stanza-name].
• User registry differences
  Each user registry presents unique concerns when integrated with ISAM. This release ISAM supports the specified LDAP user registries.
• pdadmin to Web Portal Manager equivalents
  This appendix shows the mapping of the administration pdadmin commands to Web Portal Manager.
• Manage user registries
  This appendix contains a subset of user registry tasks specific to installing Security Verify Access.

Parent topic: Administer