To reduce security risks during setup:
Access Identity Manager through a secure Web server using HTTPS.
Reset the passwords for the default Identity Manager administrator accounts (Administrator and Configurator). To further protect the security of these accounts, you can rename them.
Limit access to the Configurator account.
Limit administrators’ capability sets to only those actions needed for their job functions, and limit administrator capabilities by setting up organizational hierarchies.
Change the default password for the Identity Manager Index Repository.
Turn on auditing to track activities in the Identity Manager application.
Edit the permissions on files in the Identity Manager directory.
Customize workflows to insert approvals or other checkpoints.
Develop a recovery procedure to describe how to recover your Identity Manager environment in the event of emergency.