Identity Governance allows you to define the values it uses for authentication matching and the values for the services it runs.
1. From a command prompt, launch the Identity Governance Configuration utility with the database password. For more information, see Section 15.1.4, Using the Identity Governance Configuration Utility.
2. Click the Security Settings tab.
3. Use the information from the security settings table to define the values for authentication matching.
4. Click Save.
Identity Governance allows you to define the values for the authentication method in the Identity Governance Configuration utility. Use the following table to understand the values when setting the authentication method:
Table 15-3 Security Settings Values for Authentication
Values | Description |
---|---|
Auth Matching Rules | Specifies how Identity Governance authenticates login requests and grants the appropriate permissions to users. Enter one or more rules that Identity Governance uses to compare attributes in the SUSER table, such as dn, with attributes retrieved from the authentication service. Specify the matching rules using properties named iac.auth.matching.rule.N.attrs where N specifies the order that Identity Governance uses the rule to match users, such as 1, 2, 3, and so on. Keep in mind the following points: |
Auth Attribute Map | Specifies the mapping of SUSER attributes to OSP attributes using a comma-separated list of attribute name pairs. Use the format SUSER attribute:OSP attribute. For example, dn:name,lastName:last_name,firstName:first_name,emails:email maps the SUSER attributes of dn, lastName, firstName, and emails to the OSP attributes of name, last_name, first_name, and email. |
SSO Client | Defines the values for the Identity Governance SSO client. You must define the values of the SSO client service for the following items: IG Client ID: Specifies the name that you want to use to identify the Identity Governance SSO client ID. The default value is iac. IG Client Secret: Specifies the password for the data transformation service. Response types: Defines what the data transformation service uses for a response. The default response type is client_credentials. |
General Service | Defines the values for the Identity Governance general service. You must define the values of the general service for the following items: IG Client ID: Specifies the name that you want to use to identify the Identity Governance general service. The default value is iac-service. IG Client Secret: Specifies the password for the Identity Governance general service ID. Response types: Defines what the general service uses for a response. The default response type is client_credentials. |
Data Collection Service | Defines the values for the data collection service. You must define the values of the data collection service for the following items: IG Client ID: Specifies the name that you want to use to identify the data collection service. The default value is iac-daas. IG Client Secret: Specifies the password for the data collection service. Response types: Defines what the data collection service uses for a response. The default response type is client_credentials. |
Data Transformation Service | Defines the values for the data transformation service. You must define the values of the data transformation service for the following items: IG Client ID: Specifies the name that you want to use to identify the data transformation service. The default value is iac-dtp. IG Client Secret: Specifies the password for the data transformation service. Response types: Defines what the data transformation service uses for a response. The default response type is client_credentials. |
Workflow Service | Defines the values for the workflow server. You must define the values of the workflow service for the following items: IG Client ID: Specifies the name that you want to use to identify the workflow service. The default value is wf. IG Client Secret: Specifies the password for the workflow service. Response types: Defines what the data transformation service uses for a response. The default response type is client_credentials. |
Enable test client for utilities | Specifies that you want to use test IDs to run utilities that interact with Identity Governance without creating client IDs for each utility. |
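
The following is an added example, not code from Identity Governance or its documentation: a small review script that reads the Auth Matching Rules and Auth Attribute Map values described in the table, lists the rules in evaluation order with the SUSER/OSP attribute pairs each one compares, and reports rule attributes that have no OSP mapping. It assumes that each iac.auth.matching.rule.N.attrs value is a comma-separated list of SUSER attribute names; the function names and the sample properties, including the attribute badgeId, are constructed for illustration.

```python
import re

# Property name pattern from the table: iac.auth.matching.rule.N.attrs
RULE_KEY = re.compile(r"^iac\.auth\.matching\.rule\.(\d+)\.attrs$")

def parse_attr_map(text):
    """Parse 'SUSER attr:OSP attr' pairs into a dict; reject malformed or duplicate entries."""
    mapping = {}
    for pair in (p.strip() for p in text.split(",")):
        suser, sep, osp = (s.strip() for s in pair.partition(":"))
        if not (sep and suser and osp):
            raise ValueError(f"malformed pair: {pair!r}")
        if suser in mapping:
            raise ValueError(f"duplicate SUSER attribute: {suser!r}")
        mapping[suser] = osp
    return mapping

def comparison_plan(props, attr_map_text):
    """Return (plan, findings): rules in order of N with the SUSER/OSP pairs each compares."""
    attr_map = parse_attr_map(attr_map_text)
    plan, findings = [], []
    rules = sorted((int(m.group(1)), v) for k, v in props.items()
                   if (m := RULE_KEY.match(k)))
    if not rules:
        findings.append("no iac.auth.matching.rule.N.attrs properties defined")
    for n, value in rules:
        # Assumption: the value is a comma-separated list of SUSER attribute names.
        attrs = [a.strip() for a in value.split(",") if a.strip()]
        if not attrs:
            findings.append(f"rule {n}: no attributes listed")
        for a in attrs:
            if a not in attr_map:
                findings.append(f"rule {n}: SUSER attribute {a!r} has no OSP mapping")
        plan.append((n, [(a, attr_map[a]) for a in attrs if a in attr_map]))
    return plan, findings

# Constructed sample input. The map string is the example from the table;
# the rule values and 'badgeId' are made up for this example.
SAMPLE_MAP = "dn:name,lastName:last_name,firstName:first_name,emails:email"
SAMPLE_PROPS = {
    "iac.auth.matching.rule.2.attrs": "emails,badgeId",
    "iac.auth.matching.rule.1.attrs": "dn",
}

if __name__ == "__main__":
    plan, findings = comparison_plan(SAMPLE_PROPS, SAMPLE_MAP)
    for n, pairs in plan:
        print(f"rule {n}: " + ", ".join(f"SUSER.{s} <-> OSP.{o}" for s, o in pairs))
    for finding in findings:
        print("finding:", finding)
```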