Configuring Enterprise Identity Mapping

The EIM Configuration wizard allows you to complete a basic EIM configuration for your system quickly and easily. The wizard provides you with three EIM system configuration options.

How you use the wizard to configure EIM on a specific system depends on your overall plan for using EIM in your enterprise and your EIM configuration needs. For example, many administrators want to use EIM in conjunction with network authentication service to create a single sign-on environment across multiple systems and platforms without a need to change underlying security policies. Consequently, the EIM Configuration wizard allows you to configure network authentication service as part of your EIM configuration. However, configuring and using network authentication service is not a prerequisite or requirement for configuring and using EIM.

Before you begin the process of configuring EIM for one or more systems, plan your EIM implementation to gather the information you need. For example, you need to make decisions about the following:

  • Which IBM i platform do you want to configure as the EIM domain controller for the EIM domain? Use the EIM Configuration wizard to create a new domain on this system first, then use the wizard to configure all additional systems to join this domain.
  • Do you want to configure network authentication service on each system that you configure for EIM? If so, you can use the EIM Configuration wizard to create a basic network authentication service configuration on each IBM i model. However, you must perform other tasks to complete your network authentication service configuration.

After you use the EIM Configuration wizard to create a basic configuration for each IBM i platform, there are still a number of EIM configuration tasks that you must perform before you have a complete EIM configuration. Review Scenario: Enable single sign-on for an example that shows how a fictitious company configured a single sign-on environment using network authentication service and EIM.

To configure EIM, you must have all of the following special authorities:

  • Security administrator (*SECADM).
  • All object (*ALLOBJ).
  • System configuration (*IOSYSCFG).
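A pre-flight check for the three special authorities listed above, run from an SQL session on the system before starting the wizard. This is an added example, not part of the IBM documentation. It assumes the IBM i Services views QSYS2.USER_INFO and QSYS2.GROUP_PROFILE_ENTRIES are available on your release, and EIMADMIN is a hypothetical profile name to replace with your own.

```sql
-- Added example: report, for one profile, whether each special authority
-- required to configure EIM is held, and through which profile it is granted.
-- Assumptions: EIMADMIN is a hypothetical profile name; QSYS2.USER_INFO and
-- QSYS2.GROUP_PROFILE_ENTRIES are IBM i Services views on this release.
WITH held (source_profile, special_authorities) AS (
    -- Authorities granted directly to the profile
    SELECT u.AUTHORIZATION_NAME, u.SPECIAL_AUTHORITIES
      FROM QSYS2.USER_INFO u
     WHERE u.AUTHORIZATION_NAME = 'EIMADMIN'
    UNION ALL
    -- Authorities inherited from the profile's group profiles
    SELECT gu.AUTHORIZATION_NAME, gu.SPECIAL_AUTHORITIES
      FROM QSYS2.GROUP_PROFILE_ENTRIES g
      JOIN QSYS2.USER_INFO gu
        ON gu.AUTHORIZATION_NAME = g.GROUP_PROFILE_NAME
     WHERE g.USER_PROFILE_NAME = 'EIMADMIN'
)
SELECT r.auth AS required_authority,
       CASE WHEN COUNT(h.source_profile) > 0
            THEN 'HELD' ELSE 'MISSING' END AS status,
       -- Shows whether the authority is direct or comes from a group
       LISTAGG(h.source_profile, ', ')
           WITHIN GROUP (ORDER BY h.source_profile) AS granted_via
  FROM (VALUES ('*SECADM'), ('*ALLOBJ'), ('*IOSYSCFG')) AS r (auth)
  LEFT JOIN held h
    -- A NULL authority list (no special authorities) never matches
    ON LOCATE(r.auth, h.special_authorities) > 0
 GROUP BY r.auth
 ORDER BY r.auth;
```

Any row with status MISSING means the profile cannot complete the configuration. The granted_via column shows whether an authority is held directly or through a group, which helps when deciding whether to grant it only for the duration of the configuration work.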

Before you use the EIM Configuration wizard, you should have completed all Planning for Enterprise Identity Mapping steps to determine exactly how you will use EIM. If you are configuring EIM as part of creating a single sign-on environment, then you should complete all single sign-on planning steps as well.

To access the EIM Configuration wizard, follow these steps:

  1. From IBM Navigator for i on the system for which you want to configure EIM, expand Security > All Tasks > Enterprise Identity Mapping > Configuration. If you are configuring EIM for more than one system, begin with the one on which you want to configure the domain controller for EIM.
  2. Click Configure to start the EIM Configuration wizard.
  3. Follow the instructions that the wizard provides to complete the wizard.
  4. Click ? for help, if necessary, to determine what information to specify as you proceed through the wizard.

Once your planning is complete, you can use the EIM Configuration wizard to create one of three basic EIM configurations. You can use the wizard to join an existing domain or to create and join a new domain. When you use the EIM Configuration wizard to create and join a new domain, you can choose whether to configure an EIM domain controller on a local or a remote system. The following information provides instructions for configuring EIM based on which type of basic EIM configuration you need: