Creating identifier associations for Sharon Jones
You must create the appropriate associations between the EIM identifier, Sharon Jones, and the user identities that the person represented by the identifier uses. These associations, when properly configured, enable the user to participate in a single sign-on environment.
- A source association for the sjones Kerberos principal, which is the user identity that Sharon Jones, the person, uses to log in to Windows and the network. The source association allows the Kerberos principal to be mapped to another user identity as defined in a corresponding target association.
- A target association for the SHARONJ IBM® i user profile, which is the user identity that Sharon Jones, the person, uses to log in to IBM Navigator for i and other IBM i applications on System A. The target association specifies that a mapping lookup operation can map to this user identity from another one as defined in a source association for the same identifier.
- A target association for the JONESSH IBM i user profile, which is the user identity that Sharon Jones, the person, uses to log in to IBM Navigator for i and other IBM i applications on System B. The target association specifies that a mapping lookup operation can map to this user identity from another one as defined in a source association for the same identifier.
Use the information from your planning work sheets to create the associations:
To create the source association for Sharon Jones' Kerberos principal, follow these steps:To create a target association to Sharon Jones' IBM i user profile on System A, follow these steps:
- On the Associations page, click Add.
- On the Add Association dialog box, specify
or Browse to select the following information,
and click OK:
- Registry: SYSTEMA.MYCO.COM
- User: SHARONJ
- Association type: Target
- Click OK to close the Add Associations dialog
box.
To create a target association to Sharon Jones' IBM i user profile on System B, follow these steps:
- On the Associations page, click Add.
- On the Add Association dialog box, specify
or Browse to select the following information,
and click OK:
- Registry: SYSTEMB.MYCO.COM
- User: JONESSH
- Association type: Target
- Click OK to close the Add Associations dialog box.
- Click OK to close the Properties dialog box.
Now that you have created the identifier associations that map Sharon Jones' user identities to her EIM identifier, you can create the default registry policy associations that map all of your Kerberos registry users to a specific user profile in each of the IBM i model user registries.