Configuring identity management, Configuring identity management -3 – HP Identity Driven Manager Software Series User Manual

3-3

Using Identity Driven Manager

IDM Configuration Model

3.

If you intend to restrict a user’s access to specific systems, based on the
system they use to access the network, you need to modify the User profile
to include the MAC address for each system from which the user is
allowed to login.

4.

Define the Network Resources that users will have access to, or will be
denied from using, if applicable.

5.

Create the Access Profiles to set the VLAN, QoS, rate-limits (Bandwidth),
and network resources that are applied to users in Access Policy Groups.

6.

Create the Access Policy Groups, with rules containing the Location,
Time, System, and Access Profile that will be applied to users when they
login.

7.

Assign Users to the appropriate Access Policy Group.

Once the configuration has been completed on the IDM Client GUI, it needs
to be deployed to the IDM Agent on the RADIUS Server. The authorization
controls can then be applied when IDM detects an authenticated user login.
If you do not deploy the IDM configuration to the Agent on the RADIUS server,
it will not be applied.

N O T E :

If you want to modify or delete an Access Policy Group, or the locations, times,
or access profiles used in the Access Policy Group, make sure your changes
will not adversely affect users assigned to that group before you deploy the
changes.

Configuring Identity Management

All of the elements described for configuring user access in IDM are available
in the Identity Management Configuration window.

To launch the Identity Management Configuration window:

1.

Right-click on the Identity Management navigation tree, and select the
Configure Identity Management... option from the menu, or

2.

Click the Configure Identity Management icon in the Realms window
toolbar.

The Identity Management Configuration default display is the Access Profiles
pane with the Default Access Profile.