Sun Identity Manager 8.1 Business Administrator's Guide

Overview of Service Provider Features

In a service provider environment, you need the ability to manage user provisioning for all end-users, which includes extranet as well as intranet users. The Service Provider features enable company administrators to categorize identity accounts into two distinct types: Identity Manager users and Service Provider users. Service Provider users in Identity Manager are user accounts that have been configured as the Service Provider User type.

The Identity Manager user-provisioning and auditing capabilities extend to service provider implementations by providing the following features:

Enhanced End-User Pages

Identity Manager provides enhanced end-user pages that you can customize for a Service Provider implementation.

Password and Account ID Policy

You can define account ID and password policies for Service Provider users and resource accounts, as with other Identity Manager users.

Policy checking code is activated for Service Provider users with the Service Provider System Account Policy, which has been added to the main Policies table.

Identity Manager and Service Provider Synchronization

Synchronization for Identity Manager and Service Provider accounts can be configured to run on any Identity Manager server, or restricted to selected servers.

Service Provider Synchronization, like Identity Manager synchronization, can be easily stopped and started from the Resource Actions options on the Resources page. See Start and Stop Synchronization.

The Input Forms for Identity Manager user synchronization and Service Provider user synchronization differ. See End-User Interface.

Access Manager Integration

You can use Sun Access Manager 7 2005Q4 for authentication on Service Provider end-user pages. If integration with Access Manager is configured, Access Manager ensures that only authenticated users can access the end-user pages.

Service Provider requires the user name for auditing purposes. Update the file to add the user’s ID to the HTTP headers, for example:

com.sun.identity.agents.config.response.attribute.mapping[uid] = HEADER_speuid

The end-user-page authentication filter puts the HTTP header value into the HTTP session where the rest of the code expects it to be.
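The header-to-session step described above can be sketched as a servlet filter. This is an added example, not Identity Manager's own filter: the class name, the session key, and the assumption that the agent emits the user ID under the exact name on the right-hand side of the mapping are all hypothetical. It also assumes the Access Manager agent is the only path to the application, so the header can only have been set by the agent.

```java
import java.io.IOException;
import java.util.Enumeration;
import javax.servlet.*;
import javax.servlet.http.*;

/** Hypothetical filter: copies the agent-supplied user ID header into the session. */
public class AgentHeaderSessionFilter implements Filter {
    // Assumption: header name taken verbatim from the mapping value on this page.
    static final String USER_HEADER = "HEADER_speuid";
    // Assumption: illustrative session key, not the one Identity Manager uses.
    static final String SESSION_KEY = "example.authenticatedUserId";

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        String uid = singleHeader(req, USER_HEADER);
        if (uid == null) {
            // No usable identity from the agent: fail closed, so no request
            // reaches the pages (or the audit log) without a user name.
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        HttpSession session = req.getSession(true);
        Object bound = session.getAttribute(SESSION_KEY);
        if (bound != null && !bound.equals(uid)) {
            // Session already belongs to another user: discard it rather
            // than silently re-labelling its contents.
            session.invalidate();
            session = req.getSession(true);
        }
        session.setAttribute(SESSION_KEY, uid);
        chain.doFilter(req, res);
    }

    /** Returns the header value only if it occurs exactly once and is non-empty. */
    static String singleHeader(HttpServletRequest req, String name) {
        Enumeration<?> values = req.getHeaders(name);
        if (values == null || !values.hasMoreElements()) return null;
        String value = ((String) values.nextElement()).trim();
        // A repeated header is ambiguous about who the user is: reject it.
        if (values.hasMoreElements() || value.isEmpty()) return null;
        return value;
    }
}
```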