Defining a custom domain for policy attachments

The administrator can specify a custom domain to separate metadata in a registry. For example, your company might possess metadata that belongs to several companies, and it is a security demand the data does not overlap.

The policy attachment credential automatically selects the default management domain in all supported versions of IBM Tivoli Access Manager when you integrate it with the IBM Security Verify Access local management interface. We must choose one domain to use for policy attachments.

Steps

1. Log in to the local management interface.

2. Specify the Tivoli Access Manager administrator credentials when we create a new reverse proxy instance:

   1. Select Web > Manage > Reverse Proxy> New.

   2. Select the IBM Security Verify Access tab.

   3. Specify the following administrator credentials. These credentials must be the same as the ones that we use to attach a policy to a domain other than the default.
      • Administrator Name
      • Administrator Password
      • Domain

   We can choose to specify a custom secure domain in the IBM Security Verify Access tab. However, if we choose not to specify a domain, the domain field defers to the default.

3. Select AAC >Policy> Access Control > Resources.

4. Click .

5. Enter the information that you specified in 2.c at Policy Server Login.

What to do next

We can reset the credentials that you just defined with the setCredential parameter under the following conditions:

• You upgrade to IBM Security Verify Access, version 8.0.0.4 or later.
• You want to manage a domain name other than the default.

Before you reset the setCredential parameter, remove all current resources and their corresponding policy attachments. For information about this command, go to the REST API documentation and select Policy Attachments > Resources > Authenticate with ISAM.

Parent topic: Advanced Access Control configuration