14.3 Changing the Values for Authentication Matching and Identity Governance Services

Identity Governance allows you to define the values it uses for authentication matching and the values for the services it runs. You define the values in the Identity Governance Configuration utility.

  1. From a command prompt, launch the Identity Governance Configuration utility with the database password. For more information, see Section 14.1.3, Using the Identity Governance Configuration Utility.

  2. Click the Security Settings tab.

  3. Use the following information to define the values for authentication matching.

    Auth Matching Rules

    Specifies how Identity Governance authenticates login requests and grants the appropriate permissions to users. Enter one or more rules that Identity Governance uses to compare attributes in the SUSER table, such as dn, with attributes retrieved from the authentication service. Specify the matching rules using properties named iac.auth.matching.rule.N.attrs, where N specifies the order in which Identity Governance uses the rule to match users, such as 1, 2, 3, and so on.

    Keep in mind the following points:

    • For best results, add an index for the matching rule attributes.

    • Identity Governance evaluates only collected attribute values for the matching rules, not edited values.

    • When an attribute value is a string, Identity Governance performs an exact case match by default.

    IMPORTANT: Set all matching rule attributes with the following list and search options in the Identity Governance User (identity) schema:

    • Display in lists and detail views

    • Available in catalog searches. Changes take effect after publication.

    For more information, see Extending the Identity Governance Schema in the Identity Governance User and Administration Guide.

    Auth Attribute Map

    Specifies the mapping of SUSER attributes to OSP attributes using a comma-separated list of attribute name pairs. Use the format SUSER attribute:OSP attribute. For example, dn:name,lastName:last_name,firstName:first_name,emails:email maps the SUSER attributes of dn, lastName, firstName, and emails to the OSP attributes of name, last_name, first_name, and email.

    SSO Client

    Defines the values for the Identity Governance SSO client. You must define the values of the SSO client service for the following items:

    IG Client ID

    Specifies the name that you want to use to identify the Identity Governance SSO client ID. The default value is iac.

    IG Client Secret

    Specifies the password for the Identity Governance SSO client ID.

    Response types

    Defines what the general service uses for a response. The default response type is password.

    General Service

    Defines the values for the Identity Governance general service. You must define the values of the general service for the following items:

    IG Client ID

    Specifies the name that you want to use to identify the Identity Governance general service. The default value is iac-service.

    IG Client Secret

    Specifies the password for the Identity Governance general service ID.

    Response types

    Defines what the general service uses for a response. The default response type is client_credentials.

    Data Collection Service

    Defines the values for the data collection service. You must define the values of the data collection service for the following items:

    IG Client ID

    Specifies the name that you want to use to identify the data collection service. The default value is iac-daas.

    IG Client Secret

    Specifies the password for the data collection service.

    Response types

    Defines what the data collection service uses for a response. The default response type is client_credentials.

    Workflow Service

    Defines the values for the workflow server. You must define the values of the workflow service for the following items:

    IG Client ID

    Specifies the name that you want to use to identify the workflow service. The default value is wf.

    IG Client Secret

    Specifies the password for the workflow service.

    Response types

    Defines what the workflow service uses for a response. The default response type is client_credentials.

    Data Transformation Service

    Defines the values for the data transformation service. You must define the values of the data transformation service for the following items:

    IG Client ID

    Specifies the name that you want to use to identify the data transformation service. The default value is iac-dtp.

    IG Client Secret

    Specifies the password for the data transformation service.

    Response types

    Defines what the data transformation service uses for a response. The default response type is client_credentials.

    Enable test client for utilities

    Specifies that you want to use test IDs to run utilities that interact with Identity Governance without creating client IDs for each utility.

  4. Click Save to save the changes.
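The following Python sketch is an added example, not code from Identity Governance. It models how the Auth Attribute Map and the ordered iac.auth.matching.rule.N.attrs properties described in step 3 interact, and shows an exact case match causing rule 1 to miss so that rule 2 decides. It assumes that a rule value is a comma-separated list of SUSER attribute names and that a rule matching more than one user is not accepted; the function names and sample data are constructed for illustration.

```python
import re

RULE_KEY = re.compile(r"^iac\.auth\.matching\.rule\.(\d+)\.attrs$")

def parse_attribute_map(value):
    """Parse 'SUSER attribute:OSP attribute' pairs into {suser: osp}."""
    mapping = {}
    for pair in value.split(","):
        suser, sep, osp = (p.strip() for p in pair.partition(":"))
        if not (sep and suser and osp):
            raise ValueError(f"malformed pair: {pair!r}")
        if suser in mapping:
            raise ValueError(f"duplicate SUSER attribute: {suser}")
        mapping[suser] = osp
    return mapping

def ordered_rules(props):
    """Return [(N, [attrs])] sorted by N (assumed: comma-separated attrs)."""
    rules = []
    for key, value in props.items():
        m = RULE_KEY.match(key)
        if m:
            attrs = [a.strip() for a in value.split(",") if a.strip()]
            rules.append((int(m.group(1)), attrs))
    return sorted(rules)

def match_user(props, attr_map, osp_attrs, suser_rows):
    """Return (N, row) for the first rule that matches exactly one row."""
    for n, attrs in ordered_rules(props):
        if not attrs or any(attr_map.get(a) not in osp_attrs for a in attrs):
            continue  # rule is empty or uses an unmapped/missing attribute
        hits = [row for row in suser_rows
                if all(row.get(a) == osp_attrs[attr_map[a]] for a in attrs)]
        if len(hits) == 1:  # assumed: ambiguous matches are not accepted
            return n, hits[0]
    return None

# Constructed sample data (not from a real deployment).
ATTR_MAP = parse_attribute_map(
    "dn:name,lastName:last_name,firstName:first_name,emails:email")
PROPS = {"iac.auth.matching.rule.1.attrs": "dn",
         "iac.auth.matching.rule.2.attrs": "emails"}
SUSER_ROWS = [
    {"id": 1, "dn": "cn=alice,ou=users,o=data", "emails": "alice@example.com"},
    {"id": 2, "dn": "cn=bob,ou=users,o=data", "emails": "bob@example.com"},
]

if __name__ == "__main__":
    # dn differs only in case, so rule 1 misses and rule 2 decides.
    login = {"name": "CN=Alice,ou=users,o=data", "email": "alice@example.com"}
    print(match_user(PROPS, ATTR_MAP, login, SUSER_ROWS))
```
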