Create the Identity Manager administrator in Domino. Use a certifier ID that has access to all organizations needed to manage users.
Add the user to the ACL of the registration log, certlog.nsf, with Depositor access.
Add the user to the ACL of the Administration Requests, admin4.nsf, with Depositor access.
Add the newly created user to server security:
Open the Security panel to edit the server configuration.
If access to the Domino server is restricted, make sure the Identity Manager proxy account has access to the server. This is done by specifying the account name or a group to which the proxy account belongs in the Access Serverfield.
If there is a before or after action that calls a Domino agent, the user might need to be added to the Run unrestricted LotusScript/Java agentsor Run restricted LotusScript/Java agentfield, depending on how the agent being called is configured.