Enterprise Identity Management (EIM) is a mechanism for mapping,
or associating, a person or entity to the appropriate user identities
in various registries throughout an enterprise. EIM enables administrators
and application developers to more easily and efficiently manage multiple
user registries across their enterprise. With multiple user registries,
each user or entity within the enterprise requires a separate identity
in each registry. The requirement for multiple user registries can
grow into a large administrative problem that affects users, administrators,
and application developers.

EIM enables you to create a system of
identity mappings, called associations, between various user identities
in various user registries for a person in your enterprise. It also
provides a common set of APIs that can be used across platforms to
develop applications that can use the identity mappings that you create
to look up the relationships between user identities. You can use
EIM in conjunction with network authentication service (NAS) to enable
a single signon environment.

With your secured applications, a user authenticates to an LDAP registry
to run a program on the IBM® i system. To use single signon, you need to
create an identifier in EIM that has two associations: a source association
to the LDAP registry, and a target association to the IBM i system where
the program will be running.
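
The lookup that these two associations make possible can be sketched as follows. This is an added example, not IBM code and not the EIM API: the class and function names, the registry names (`LDAP_REG`, `IBMI_SYS1`) and the user identities are constructed, and the policy of refusing any result other than exactly one target identity is an assumption of the example.

```python
# Simplified in-memory model of an EIM domain (illustration only, not the EIM API).
from dataclasses import dataclass, field

class MappingError(Exception):
    """A source identity did not map to exactly one target identity."""

@dataclass
class Identifier:
    name: str
    sources: set = field(default_factory=set)  # {(registry, user)} used to authenticate
    targets: set = field(default_factory=set)  # {(registry, user)} the work runs under

class EimDomain:
    def __init__(self):
        self.identifiers = {}

    def add_identifier(self, name):
        self.identifiers[name] = Identifier(name)
        return self.identifiers[name]

    def lookup_target(self, src_registry, src_user, tgt_registry):
        # Step 1: find the identifier that owns the source association.
        owners = [i for i in self.identifiers.values()
                  if (src_registry, src_user) in i.sources]
        if len(owners) != 1:
            raise MappingError(f"{len(owners)} identifiers own {src_user} in {src_registry}")
        # Step 2: follow that identifier's target associations into the target registry.
        users = sorted(u for (r, u) in owners[0].targets if r == tgt_registry)
        if len(users) != 1:
            # Fail closed: never guess between profiles or fall back to a default one.
            raise MappingError(f"{len(users)} targets in {tgt_registry} for {owners[0].name}")
        return users[0]

def build_sample_domain():
    # Constructed sample data: one fully mapped person, one with no target association.
    domain = EimDomain()
    jd = domain.add_identifier("John Day")
    jd.sources.add(("LDAP_REG", "cn=jday,ou=people,o=example"))
    jd.targets.add(("IBMI_SYS1", "JOHND"))
    sm = domain.add_identifier("Sharon Mills")
    sm.sources.add(("LDAP_REG", "cn=smills,ou=people,o=example"))
    return domain

if __name__ == "__main__":
    d = build_sample_domain()
    print(d.lookup_target("LDAP_REG", "cn=jday,ou=people,o=example", "IBMI_SYS1"))
```
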

You can configure and manage EIM through IBM i Navigator. The IBM i server
uses EIM to enable IBM i interfaces to authenticate users using NAS.
Configuring EIM involves the following steps:

- Creating an EIM domain
- Adding the domain to Domain Management
- Creating a Source User Registry definition in EIM
- Creating a Target User Registry definition in EIM
- Creating a User Identifier in EIM
- Creating associations in EIM for the User Identifier

To configure EIM, follow these steps: