Once Identity Forge has been configured for EmpowerID, you can add an AS/400 Identity Forge Connector domain to the EmpowerID Identity Warehouse as a managed Account Store. This topic demonstrates how to do so.
Prerequisites:
Before connecting EmpowerID to AS/400, you must configure Identity Forge for EmpowerID. See Configuring Identity Forge for EmpowerID for the details.
This opens the AS400 Directory window.
At this point, the AS400 Directory window should look similar to the following image.
This opens the Account Store Ldap Details screen. This screen is used to configure the settings that EmpowerID uses to manage the domain. A description of the settings available from this screen follows.
Use this pane to set general information for the Account Store.
To change this field, click the Edit button to the right of the line, enter the new name into the Account Store Friendly Name window that opens, and then click OK to close the window.
To change this field, click the Edit button to the right of the line, enter the new name in the Resource System Friendly Name window that opens, and then click OK to close the window.
To change this field, click the Edit button to the right of the line and in the Choose Servers window that appears, toggle the button beside the server you wish to use from a red sphere to a green check box. Please note that the agent must be running on the server before it will appear in the Choose Servers window.
To change this field, click the Edit button to the right of the line, enter the account information into the Proxy Connection Account window that opens, and then click OK to close the window.
To set this field, click the Edit button to the right of the line, select a domain controller in the Change Domain Controller window that opens, and then click OK to close the window.
To set this field, click the Edit button to the right of the line, select a resource system type in the Change Resource System Type window that opens, and then click OK to close the window.
To set a numeric value, click the Edit button to the right of the line, enter a number in the Change Max Accounts Per Person window that opens, and then click OK.
To set an order, click the Edit button to the right of the line, enter a number in the Change Business Role Priority window that opens and then click OK.
To set the icon, click the Icon Selector button to the right of the line, select an icon from the drop-down list and click OK.
To set the Partition Suffix, click the Edit button to the right of the line, enter the appropriate information in the Account Store Partition Suffix window that opens, and then click OK.
To enable this function, click the Enable Pass-Through Authentication button to the left of the line and toggle it so that the green check is visible.
To enable this function, click the Enable Simple Username Search button to the left of the line and toggle it so that the green check is visible.
To enable this function, click the Allow Password Sync button to the left of the line and toggle it so that the green check is visible.
To enable this function, click the Allow RET Provisioning button to the left of the line and toggle it so that the green check is visible.
To enable this function, click the Allow RET De-Provisioning button to the left of the line and toggle it so that the green check is visible.
Use this pane to enable or disable inventory and to set the inventory schedule for the domain. A description of the pane follows.
To set this value, click the Edit button to the right of the Inventory Schedule line, enter a value into the Set Schedule Inventory window that opens, and then click OK.
To enable inventory, toggle the Enable Inventory button to the left of the line so that the green check is visible.
To set the workflow, click the Edit button to the right of the line, select a workflow from the Change Request Workflow window that opens, and then click OK. You can clear the selection by clicking on the red sphere to the right of the Edit button.
When provisioning people, you can configure the following optional settings:
To pick a Business Role other than the default, click the Edit button to the right of the line, select a Business Role from the Business Role Selector window that opens and then click OK. You can clear the selection by clicking on the red sphere to the right of the Edit button.
To pick a location other than the default, click the Edit button to the right of the line, select a location from the Business Role and Location Selector window that opens, and then click OK. You can clear the selection by clicking on the red sphere to the right of the Edit button.
To enable automatic joining, click the button to the left of the line and toggle it so that the green check is visible.
Use this pane to enable or disable and schedule group membership reconciliation for the domain. This process ensures that the domain local groups used to grant native AS/400 permissions, such as read or write access for the group member attribute, are created in EmpowerID and granted the proper native permissions.
Among the available Resource Enforcement Types are the following:
To set Rights Enforcement for Resource Role Groups, do the following: