IBM Security Privileged Identity Manager, Version 1.0.1

Limitations

IBM® Security Privileged Identity Manager limitations can affect how the virtual appliance behaves or processes information that is received from IBM Security Identity Manager and IBM Security Access Manager for Enterprise Single Sign-On. In the same way, IBM Security Identity Manager and IBM Security Access Manager for Enterprise Single Sign-On limitations can affect how the IBM Security Privileged Identity Manager virtual appliance capabilities work.

IBM Security Privileged Identity Manager virtual appliance limitations
  • Reconfiguration options for the middleware are not available.
  • An external repository (for example, Active Directory) cannot be configured with IBM Security Privileged Identity Manager virtual appliance server components (IBM Security Identity Manager and IBM Security Access Manager for Enterprise Single Sign-On).
  • Non-English characters are not supported in the Comment fields of the following virtual appliance panels:
    • Snapshot
    • Firmware Settings
    • Support Files
  • The following file name display issues occur in several languages when a snapshot with a long file name is uploaded in the virtual appliance:
    • The text in the Comment field is truncated.
    • The file name gets truncated in the Snapshot table.
IBM Security Privileged Identity Manager limitations
  • Data Tier and Reporting components

    The Data Tier and Reporting components must be installed separately or outside the virtual appliance.

    • External repository (for example, Active Directory) cannot be configured with IBM Security Privileged Identity Manager virtual appliance server components.
    • IBM Cognos® reporting components are outside of the IBM Security Privileged Identity Manager virtual appliance.
    • Supports only DB2® and Tivoli® Directory Server as the IBM Security Privileged Identity Manager data store on the external data tier.
  • Scalability

    Only a single instance of the IBM Security Privileged Identity Manager virtual appliance can be active at any time.

  • High Availability

    IBM Security Privileged Identity Manager relies on external High Availability mechanism to monitor and fail-over on the single instance of IBM Security Privileged Identity Manager virtual appliance.

  • Limited IBM Security Identity Manager and IBM Security Access Manager for Enterprise Single Sign-On functions are supported.

    Customization is limited since there is no direct access to low-level IBM Security Identity Manager and IBM Security Access Manager for Enterprise Single Sign-On configuration files.

  • Changing the IBM Security Privileged Identity Manager user logon ID on the IBM Security Privileged Identity Manager console and AccessAgent is not supported.
  • Only one network adapter can be used.
IBM Security Access Manager for Enterprise Single Sign-On limitations
  • AccessAgent sign up

    Sign-up is not allowed from Access Agent. Users are signed up through IBM Security Identity Manager.

  • AccessAssistant/WebWorkplace

    This component is not required for IBM Security Privileged Identity Manager.

  • Self-Service Sign-Up through IBM Security Access Manager for Enterprise Single Sign-On AccessAgent

    This feature is not supported because users are to be on-boarded through IBM Security Identity Manager.

  • Self-Service Password Reset

    IBM Security Privileged Identity Manager virtual appliance users must use the equivalent feature in IBM Security Identity Manager instead.

  • Change ISAM ESSO password

    Users must use the equivalent feature in the IBM Security Identity Manager Self-Service UI instead.

  • Biometric and smart card second factor support with IBM Security Access Manager for Enterprise Single Sign-On Agent are not available in the virtual appliance.
  • RFID 2FA for AccessAgent is not supported.
  • Only the default User Policy Template is supported. User Policy Templates that are based on arbitrary directory attributes are not supported.
  • Third-party Provisioning System to provision or manage IBM Security Access Manager for Enterprise Single Sign-On accounts or Wallets

    This component is not required in the virtual appliance because the IBM Security Access Manager for Enterprise Single Sign-On accounts are provisioned through IBM Security Identity Manager.

  • IBM Security Access Manager for Enterprise Single Sign-On mobile

    This feature is not used with IBM Security Privileged Identity Manager.

  • Mobile Active Code, One Time Password, or RADIUS are not supported
  • AccessAgent Private and Shared Desktop modes are not supported.
  • IMS Configuration wizard and CLTs are not supported.
IBM Security Identity Manager limitations
  • Custom workflow extension configuration is not supported.
  • Uploading of custom Java archive files, which implements IBM Security Identity Manager custom extensions, is not supported. For example, workflow.
  • Custom adapters are not supported.
  • IBM Security Identity Manager mobile is not supported.
Parent topic: Troubleshooting and support

Feedback