Enterprise Identity Management (EIM) is a mechanism for mapping,
or associating, a person or entity to the appropriate user identities in various
registries throughout an enterprise. EIM enables administrators and application
developers to more easily and efficiently manage multiple user registries
across their enterprise. With multiple user registries, each user or entity
within the enterprise requires a separate identity in each registry. The requirement
for multiple user registries can grow into a large administrative problem
that affects users, administrators, and application developers.

EIM enables you to create a system of identity mappings, called associations, between
various user identities in various user registries for a person in your enterprise.
It also provides a common set of APIs that can be used across platforms to
develop applications that can use the identity mappings that you create to
look up the relationships between user identities. You can use EIM in conjunction
with network authentication service (NAS) to enable a single signon environment.

With your secured applications, a user authenticates to an LDAP
registry to run a program on the i5/OS® system. To use single signon, you
need to create an identifier in EIM that has two associations: a source association
to the LDAP registry, and a target association to the i5/OS system where the program will be
running.
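
The lookup that these two associations make possible, as an added example that is not IBM code and does not call the EIM APIs: a small Python model in which the LDAP identity resolves to an identifier through its source association, and the identifier resolves to the i5/OS user profile through its target association. The registry names, user names, identifier and the fail-closed handling of missing or ambiguous mappings are assumptions made for the illustration.

```python
# Conceptual model of an EIM mapping lookup; this is not the EIM API.
# Registry names, user names and the identifier are constructed samples.
class MappingError(Exception):
    """A lookup did not resolve to exactly one identity."""

class EimDomain:
    def __init__(self):
        self.registries = set()
        self.identifiers = {}  # identifier -> {"source": set, "target": set}

    def add_registry(self, name):
        self.registries.add(name)

    def add_identifier(self, identifier):
        self.identifiers[identifier] = {"source": set(), "target": set()}

    def add_association(self, identifier, kind, registry, user):
        if kind not in ("source", "target"):
            raise ValueError("kind must be 'source' or 'target'")
        if registry not in self.registries:
            raise MappingError(f"unknown registry: {registry}")
        self.identifiers[identifier][kind].add((registry, user))

    def target_from_source(self, src_registry, src_user, tgt_registry):
        # Step 1: the authenticated identity must be a source association of one identifier.
        owners = [name for name, assoc in self.identifiers.items()
                  if (src_registry, src_user) in assoc["source"]]
        if len(owners) != 1:
            raise MappingError(f"{len(owners)} identifiers match the source")
        # Step 2: that identifier must have exactly one target association
        # in the registry where the program runs. Anything else fails closed.
        targets = [user for reg, user in self.identifiers[owners[0]]["target"]
                   if reg == tgt_registry]
        if len(targets) != 1:
            raise MappingError(f"{len(targets)} targets in {tgt_registry}")
        return targets[0]

def build_sample_domain():
    domain = EimDomain()
    domain.add_registry("LDAP.EXAMPLE")   # source user registry definition
    domain.add_registry("I5OS.EXAMPLE")   # target user registry definition
    domain.add_identifier("Jane Doe")
    domain.add_association("Jane Doe", "source", "LDAP.EXAMPLE", "cn=jdoe,o=example")
    domain.add_association("Jane Doe", "target", "I5OS.EXAMPLE", "JDOE")
    return domain

if __name__ == "__main__":
    domain = build_sample_domain()
    print(domain.target_from_source("LDAP.EXAMPLE", "cn=jdoe,o=example", "I5OS.EXAMPLE"))
```

In this model a target association cannot be used as the starting point of a lookup, which is why the identifier needs both kinds of association.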

You can configure and manage EIM through System i™ Navigator.

The i5/OS server uses EIM to enable i5/OS interfaces to authenticate users using NAS.
Configuring EIM involves the following steps:

- Creating an EIM domain
- Adding the domain to Domain Management
- Creating a Source User Registry definition in EIM
- Creating a Target User Registry definition in EIM
- Creating a User Identifier in EIM
- Creating associations in EIM for the User Identifier
To configure EIM, follow these steps: