Configuring identity management, Configuring identity management -4 – HP Identity Driven Manager Software Series User Manual
Page 72
3-4
Using Identity Driven Manager
IDM Configuration Model
2.
Define "times" (optional) at which users will be allowed or denied access.
This can be by day, week or even hour.
3.
If you intend to restrict a user’s access to specific systems, based on the
system they use to access the network, you need to modify the User profile
to include the MAC address for each system from which the user is
allowed to login.
4.
Define the Network Resources that users will have access to, or will be
denied from using, if applicable.
5.
Create the Access Profiles to set the VLAN, QoS, rate-limits (Bandwidth),
and network resources that are applied to users in Access Policy Groups.
6.
If you don’t use Active Directory synchronization, create the Access
Policy Groups, with rules containing the Location, Time, System, and
Access Profile that will be applied to users when they login.
OR
If using Active Directory synchronization, add rules and access profiles
to the Access Policy Groups that were created by Active Directory syn-
chronization.
7.
If you do not use Active Directory synchronization, assign Users to the
appropriate Access Policy Group.
8.
If you do not use automatic deployment, deploy the configuration to the
IDM Agent on the RADIUS Server. The authorization controls can then be
applied when IDM detects an authenticated user login. If you do not use
automatic deployment and do not manually deploy the IDM configuration
to the Agent on the RADIUS server, the configuration will not be applied
N O T E :
If you want to modify or delete an Access Policy Group, or the locations, times,
or access profiles used in the Access Policy Group, make sure your changes
will not adversely affect users assigned to that group.
Configuring Identity Management
All of the elements described for configuring user access in IDM are available
in the Identity Management Configuration window.
To launch the Identity Management Configuration window:
1.
Right-click on the Identity Management navigation tree, and select the
Configure Identity Management... option from the menu, or