Identity Profiles
Learn how to configure identity profiles for authentication protocol identity system types and map them to identity configuration in a third-party system used for managing user accounts.
Table of Contents
About Identity Profiles
An Identity Profile is mapped to the identity configuration in a third-party system used for managing user account.
Notes:
- Identity Profiles can be defined for "Authentication Protocol" Identity System types only.
- If multiple services need to share the same identity, they can refer to the same Identity Profile.
- As a prerequisite to defining an Identity Profile, you must first integrate the associated Authentication Protocol with Policy Manager in the Configure > Identity Systems section of the Management Console.
- After an Identity Profile is created, it is immediately available in the Identity Profile section of the Service Details Portlet and can be selected and assigned to a service.
View Identity Profiles on the Identity Profiles Summary screen in Configure > Security > Identity Profiles.
Add Identity Profile
- Go to Configure > Security > Identity Profiles. The Identity Profiles Summary screen displays.
-
Click Add Identity Profile.
The Identity Profile Domain Details screen is displayed.
- Profile Details—Define a unique name and description for your Identity Profile. Entries made here will appear on the Identity Profile Summary screen.
- Domain Details—The domain represents the collection of computers where you would like to store the Identity Profile. Enter the Domain Name and Domain Description of the domain you are configuring.
Note: The remainder of this "Add Identity Profile" instruction set outlines the example of adding an identity profile of type Kerberos.
- Click Next.
The Kerberos Identity Profile screen is displayed.
- Kerberos principle name (Optional)—Specify the principle name of the service in Kerberos.
- Select from:
Enter Password Manually—Enter a password to access the Kerberos Authentication Server and retrieve the keytab file.
Use Kerberos Keytab file—Select either "Upload Keytab file" (stores the keytab file in the Policy Manager vault) or "Locate the keytab file on the local file system" (accesses the keytab file on the Container machine).
- Click Finish
The system configures your identity profile based on your provided configuration parameters and returns you to the Identity Profile Summary screen.
Modify Identity Profile
- Go to Configure > Security > Identity Profiles. The Identity Profiles Summary screen displays.
- Click Modify Identity Profile. The Modify Identity Profile screen is displayed.
Note: The remainder of this "Modify Identity Profile" instruction set outlines the example of modifying an identity profile of type Kerberos.
- Update the Kerberos Identity Profile Details:
- Kerberos Identity Profile Details—Modify the name and description of your Identity Profile (name must be unique). Domain name cannot be modified.
- Shared Key Access Method—Modify the "Kerberos principle name" (the principle name of the service in Kerberos) and then use the radio buttons to select between the following two options for configuring access to your shared key:
Enter password manually—Modify the password used to access the Kerberos Authentication Server and retrieve the keytab file.
Use Kerberos keytab file—Choose either to "Upload Keytab file" (stores the keytab file in the Policy Manager vault) or to "Locate the keytab file on the local file system" (accesses the keytab file on the Container machine).
- Click Finish. The system updates your identity profile based on your provided configuration parameters and returns you to the Identity Profile Summary screen.
Delete Identity Profile
- Go to Configure > Security > Identity Profiles. The Identity Profiles Summary screen displays.
- From the displayed list, select the identity profile you would like to delete.
- Click Delete Identity Profile. A confirmation message displays.
- Click OK to confirm.
