IBM Tivoli Federated Identity Manager, Version 6.2.2.7

Configuring risk-based access with the Federation First Steps tool

Use the IBM® Tivoli® Federated Identity Manager Federation First Steps tool to configure and enable risk-based access. Risk-based access is a component of IBM Tivoli Federated Identity Manager that provides access decision and enforcement based on a dynamic risk assessment or confidence level of a transaction.

Before you begin

Before you start the Federation First Steps tool, complete the following steps:
  1. If you have a WebSphere® Application Server clustered environment, you must create and configure a JNDI context named jdbc/rba in WebSphere Application Server and create the database schema for risk-based access. See Manually configuring the database.
  2. Install risk-based access. See Installing risk-based access.
  3. Configure the WebSEAL point of contact server for IBM Tivoli Federated Identity Manager. See Configuring WebSEAL point of contact server for SAML federation.
You must know the following information to complete the wizard:
  • URL of the Point of Contact Server for IBM Tivoli Federated Identity Manager
  • URI of the IBM Tivoli Access Manager secure resource that you want to protect with risk-based access
  • WebSEAL instance name

Procedure

  1. Launch the Federation First Steps tool.
  2. Select Risk-based Access Configuration Wizard.
  3. Click Start. The tool scans your existing configuration settings.
  4. Provide the information that is requested by the wizard.
  5. Optional: On the General Configuration Settings page, select Configure Tivoli Access Manager if you want to set up the IBM Tivoli Access Manager environment so that it delegates authorization decisions to risk-based access for your secure resources.
    Note: If you select this option, you must ensure that IBM Tivoli Access Manager is installed and configured locally on the same system as IBM Tivoli Federated Identity Manager.
  6. Specify the URL of the Point of Contact Server for IBM Tivoli Federated Identity Manager, which is used for collecting attributes.
    http://host_name/webseal-junction-name
    For example:
    http://mywebsealhost.company.com/FIM
    After the configuration process is completed, the Risk-based Access Configuration Summary page describes whether the configuration failed or was successful.
    • If the configuration completes successfully, the next steps to complete the setup for risk-based access are displayed on the Risk-based Access Configuration Summary page. Follow the instructions in the summary page to complete the IBM Tivoli Access Manager and external authorization service (EAS) setup for your environment.
    • If the configuration fails, the log and failure messages are displayed on the Risk-based Access Configuration Summary page. Use the details that are provided in the log and failure messages to check where the configuration process failed and the probable causes of failure. Resolve the configuration issues and run the Federation First Steps tool again to configure risk-based access.
  7. Click Finish.

What to do next

After you complete all of the next steps that are specified on the summary page, verify that risk-based access is configured correctly on your system. See Verifying the configuration.

