Enabling Service Provider Admin Role Delegation (Sun Identity Manager 8.1 Business Administrator's Guide)

Sun Identity Manager 8.1 Business Administrator's Guide

Enabling Service Provider Admin Role Delegation

To enable service provider admin role delegation (Service Provider delegated administration), open the system configuration object for modification (Editing Identity Manager Configuration Objects) and set the following property to true:

security.authz.external.app name.object type

where app name is the Identity Manager application (such as Administrator Interface) and object type is Service Provider Users

This property can be enabled per Identity Manager application (for example, for the Administrator Interface or User Interface) and per object type. Currently, the only supported object type is Service Provider Users. The default value is false.

For example, to enable Service Provider Delegated Administration for Identity Manager administrators, set the following attribute in the System Configuration configuration object to “true”:

security.authz.external.Administrator Interface.Service Provider Users

If Service Provider Delegated Administration is disabled (set to false) for a given Identity Manager or Service Provider application, the organization-based authorization model is used.

When Service Provider Delegated Administration is enabled, tracked events capture information about the number and duration of authorization rules executed. These statistics are available in the dashboard.