IDM Configuration Process Overview – HP Identity Driven Manager Software Series User Manual
Getting Started
Before You Begin
RADIUS Server, then let it run to collect the information as users log into the network.
Even after you begin creating configurations in IDM, both options continue to collect
information on users and Domains (domains in Active Directory) and pass that
information to the IDM server.
If you are using multiple RADIUS servers, you need to install an IDM Agent on each
of the servers. The IDM Agent collects information only on the system where it is
installed. The IDM Client can display information for all RADIUS servers where the
IDM Agent is installed.
When you start the IDM Client and expand the navigation tree in the IDM Dashboard
tab, you will see any discovered or defined Domains found on the RADIUS server,
along with the IP address for the RADIUS Server(s).
IDM Configuration Process Overview
To configure IDM to provide access control on your network, first let IDM run long
enough to “discover” the Domains, RADIUS servers, and users on your network.
Once IDM has performed these tasks for you, the configuration process is as
follows:
1. If you intend to use them, define “locations” from which users will access the
network. A location may relate to port-based VLANs, or to all ports on a device.
(See page 3-5.)
2. If you intend to use them, define “times” at which users are allowed or denied
access. This can be by day, week or even hour. (See page 3-12.)
3. Define any network resources (systems and applications) that you want to
specifically allow or restrict users from accessing.
4. If you intend to restrict a user's access to specific systems, you need to set the
User profile to include the MAC address for each system that the user is allowed
to log in on. (See page 3-77.)
5. Create the Access Profiles to set the VLAN, QoS, and rate-limit (bandwidth)
attributes, and the network resources, that are available to users in an Access
Policy Group. (See page 3-32.)
6. Create an Access Policy Group, with rules containing the Location, Time,
System, and Access Profile that is applied to users when they log in. (See page
3-42.)
OR
If using Active Directory synchronization, add rules and Access Profiles to the
Access Policy Groups automatically created by Active Directory synchronization.
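The way the objects from steps 1 through 6 fit together can be sketched as a small model. This is an added example, not HP's code or IDM's rule engine: the class names, the own_system_only flag, first-match rule order, the no-access default when nothing matches, and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional

@dataclass(frozen=True)
class AccessProfile:                  # step 5: what a matching user receives
    name: str
    vlan: int
    qos: str
    rate_limit_kbps: int
    resources: tuple                  # step 3: network resources made available

@dataclass(frozen=True)
class TimeWindow:                     # step 2: days (Monday=0) plus an hour range
    days: frozenset
    start: time
    end: time
    def contains(self, when: datetime) -> bool:
        return when.weekday() in self.days and self.start <= when.time() < self.end

@dataclass(frozen=True)
class Rule:                           # step 6: one rule of an Access Policy Group
    location: Optional[str]           # step 1; None matches any location
    window: Optional[TimeWindow]      # None matches any time
    own_system_only: bool             # True: MAC must be in the user's profile (step 4)
    profile: Optional[AccessProfile]  # None models an explicit deny rule

def evaluate(rules, user_macs, location, mac, when):
    """Return the first matching rule's profile; None means no access (assumed default)."""
    allowed = {m.lower() for m in user_macs}
    for rule in rules:
        if rule.location is not None and rule.location != location:
            continue
        if rule.window is not None and not rule.window.contains(when):
            continue
        if rule.own_system_only and mac.lower() not in allowed:
            continue
        return rule.profile
    return None

# Constructed sample data: names, VLAN ids and MAC addresses are made up.
STAFF = AccessProfile("staff", 20, "normal", 10000, ("file-server", "intranet"))
GUEST = AccessProfile("guest", 99, "low", 1000, ("internet",))
OFFICE_HOURS = TimeWindow(frozenset(range(5)), time(8), time(18))
RULES = [
    Rule("HQ-Floor2", OFFICE_HOURS, True, STAFF),   # user's own system, on site, work hours
    Rule("HQ-Floor2", OFFICE_HOURS, False, GUEST),  # any other system, same place and time
]
ALICE_MACS = ["00:11:22:AA:BB:01"]
```

Because the first matching rule wins in this model, the rule that requires the user's own system is listed ahead of the broader one.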