At Setup

To reduce security risks during setup:

• Access Identity Manager through a secure Web server using HTTPS.

• Reset the passwords for the default Identity Manager administrator accounts (Administrator and Configurator). To further protect the security of these accounts, you can rename them.

• Limit access to the Configurator account.

• Limit administrators’ capability sets to only those actions needed for their job functions, and limit administrator capabilities by setting up organizational hierarchies.

• Change the default password for the Identity Manager Index Repository.

• Turn on auditing to track activities in the Identity Manager application.

• Edit the permissions on files in the Identity Manager directory.

• Customize workflows to insert approvals or other checkpoints.

• Develop a recovery procedure to describe how to recover your Identity Manager environment in the event of emergency.