Enterprise Identity Management (EIM) is a mechanism for mapping,
or associating, a person or entity to the appropriate user identities in various
registries throughout an enterprise. EIM enables administrators and application
developers to more easily and efficiently manage multiple user registries
across their enterprise. With multiple user registries, each user or entity
within the enterprise requires a separate identity in each registry. The requirement
for multiple user registries can grow into a large administrative problem
that affects users, administrators, and application developers.

EIM enables you to create a system of identity mappings, called associations, between
various user identities in various user registries for a person in your enterprise.
It also provides a common set of APIs that can be used across platforms to
develop applications that can use the identity mappings that you create to
look up the relationships between user identities. You can use EIM in conjunction
with network authentication service (NAS) to enable a single signon environment.

With your secured applications, a user authenticates to an LDAP registry to run
a program on the iSeries system. To use single signon, you need to create
an identifier in EIM that has two associations: a source association to the
LDAP registry, and a target association to the iSeries system where the program
will be running.

You can configure and manage EIM through iSeries Navigator.
The iSeries server uses EIM to enable OS/400 interfaces to authenticate users
using NAS. Configuring EIM involves the following steps:
- Creating an EIM domain
- Adding the domain to Domain Management
- Creating a Source User Registry definition in EIM
- Creating a Target User Registry definition in EIM
- Creating a User Identifier in EIM
- Creating associations in EIM for the User Identifier
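
The identifier with one source and one target association described above can be modelled as a small lookup, shown here as an added example (not IBM's EIM API and not code from the original page). The class, the registry names and the user IDs are hypothetical, and refusing a missing or ambiguous mapping is this model's own choice.

```python
# Simplified in-memory model of an EIM domain (added example; not the EIM API).
class MappingError(LookupError):
    """Raised when a source identity cannot be mapped to exactly one target."""

class EimDomain:
    def __init__(self, name):
        self.name = name
        self.registries = set()  # user registry definitions known to the domain
        self.source = {}         # (registry, user) -> EIM identifier
        self.target = {}         # (identifier, registry) -> set of users

    def add_registry(self, registry):
        self.registries.add(registry)

    def add_association(self, identifier, kind, registry, user):
        if registry not in self.registries:
            raise ValueError(f"registry {registry!r} is not defined in the domain")
        if kind == "source":
            # Model's choice: one source identity belongs to one identifier only.
            owner = self.source.setdefault((registry, user), identifier)
            if owner != identifier:
                raise ValueError(f"{user!r} in {registry!r} already maps to {owner!r}")
        elif kind == "target":
            self.target.setdefault((identifier, registry), set()).add(user)
        else:
            raise ValueError("kind must be 'source' or 'target'")

    def map_identity(self, src_registry, src_user, tgt_registry):
        """Follow source association -> identifier -> target association."""
        identifier = self.source.get((src_registry, src_user))
        if identifier is None:
            raise MappingError(f"no source association for {src_user!r}")
        users = self.target.get((identifier, tgt_registry), set())
        if len(users) != 1:  # fail closed on zero or several candidates
            raise MappingError(
                f"{len(users)} target users for {identifier!r} in {tgt_registry!r}")
        return next(iter(users))

def build_demo_domain():
    # Constructed sample data: all names below are hypothetical.
    d = EimDomain("ExampleDomain")
    d.add_registry("ldap.example.com")   # source user registry definition
    d.add_registry("ISERIES1")           # target user registry definition
    d.add_association("John Day", "source", "ldap.example.com", "cn=jday,o=example")
    d.add_association("John Day", "target", "ISERIES1", "JDAY")
    return d

if __name__ == "__main__":
    print(build_demo_domain().map_identity(
        "ldap.example.com", "cn=jday,o=example", "ISERIES1"))
```
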

To configure EIM, follow these steps: