Limitations in a prerequisite component can affect how
the IBM® Security Privileged Identity Manager Virtual Appliance capabilities
work.
- Virtual appliance limitations
- Reconfiguration options for the middleware are not available.
- An external repository (for example, Active Directory)
cannot be configured with IBM Security Privileged Identity Manager Virtual Appliance server components
(IBM Security Privileged Identity Manager and IBM Security Access Manager for Enterprise Single Sign-On).
- Non-English
characters are not supported in the Comment fields
of the following IBM Security Privileged Identity Manager Virtual Appliance panels:
- Snapshot
- Firmware Settings
- Support Files
- The
following file name display issues occur in several languages when
a snapshot with a long file name is uploaded in the IBM Security Privileged Identity Manager Virtual Appliance:
- The text in the Comment field is truncated.
- The file name gets truncated in the Snapshot table.
- IBM Security Privileged Identity Manager limitations
- Data Tier and Reporting components
The Data Tier and Reporting
components must be installed separately or outside the IBM Security Privileged Identity Manager Virtual Appliance.
- External repository (for example, Active Directory) cannot be
configured with IBM Security Privileged Identity Manager Virtual Appliance server
components.
- IBM Cognos® reporting components are outside of
the IBM Security Privileged Identity Manager Virtual Appliance.
- Supports only DB2® and IBM Security Directory Server as
the IBM Security Privileged Identity Manager data
store on the external data tier.
- Limited IBM Security Privileged Identity Manager and IBM Security Access Manager for Enterprise Single Sign-On functions
are supported.
Customization is limited since there is no direct
access to low-level IBM Security Privileged Identity Manager and IBM Security Access Manager for Enterprise Single Sign-On configuration
files.
- Changing the IBM Security Privileged Identity Manager user logon
ID on the IBM Security Privileged Identity Manager console
and AccessAgent is
not supported.
- Only one network adapter can be used.
- Custom workflow extension configuration is not supported.
- Uploading of custom Java archive files, which implements IBM Security Privileged Identity Manager custom
extensions, is not supported. For example, workflow.
- Custom adapters are not supported.
- IBM Security Access Manager for Enterprise Single Sign-On limitations
- AccessAgent sign
up
Sign-up is not allowed from Access Agent. Users are signed up
through IBM Security Privileged Identity Manager.
- AccessAssistant/WebWorkplace
This component is
not required for IBM Security Privileged Identity Manager.
- Self-Service Sign-Up through IBM Security Access Manager for Enterprise Single Sign-On AccessAgent
This
feature is not supported because users are to be on-boarded through IBM Security Privileged Identity Manager.
- Self-Service Password Reset
IBM Security Privileged Identity Manager Virtual Appliance users must
use the equivalent feature in IBM Security Privileged Identity Manager instead.
- Change ISAM ESSO password
Users must use the equivalent
feature in the IBM Security Privileged Identity Manager Self-Service
UI instead.
- Biometric and smart card second factor support
with IBM Security Access Manager for Enterprise Single Sign-On Agent
are not available in the IBM Security Privileged Identity Manager Virtual Appliance.
- RFID 2FA for AccessAgent is
not supported.
- Only the default User Policy Template is supported.
User Policy Templates that are based on arbitrary directory attributes
are not supported.
- Third-party Provisioning System to provision or
manage IBM Security Access Manager for Enterprise Single Sign-On accounts
or Wallets
This component is not required in the IBM Security Privileged Identity Manager Virtual Appliance because
the IBM Security Access Manager for Enterprise Single Sign-On accounts
are provisioned through IBM Security Privileged Identity Manager.
- IBM Security Access Manager for Enterprise Single Sign-On mobile
This
feature is not used with IBM Security Privileged Identity Manager.
- Mobile Active Code, One Time Password, or RADIUS
are not supported
- AccessAgent Private
and Shared Desktop modes are not supported.
- IMS Configuration wizard and CLTs are not supported.