You must create the appropriate associations between the EIM identifier
and the user identities that the person represented by the identifier uses.
These identifier associations, when properly configured, enable the user to
participate in a single signon environment.
In this scenario, you need
to create two identifier associations for the John Day identifier:
- A source association for the jday Kerberos principal, which is
the user identity that John Day, the person, uses to log in to Windows® and
the network. The source association allows the Kerberos principal to be mapped
to another user identity as defined in a corresponding target association.
- A target association for the JOHND i5/OS™ user
profile, which is the user identity that John Day, the person, uses to log
in to iSeries™ Navigator and other i5/OS applications on iSeries A.
The target association specifies that a mapping lookup operation can map to
this user identity from another one as defined in a source association for
the same identifier.
Now that you have created the John Day identifier, you need to
create both a source association and a target association for it.
To
create a source association between the Kerberos principal and the John Day
identifier, follow these steps:
To create a target association between the i5/OS user
profile and the John Day identifier, follow these steps:
- Click OK to close the Add Association dialog.
- On the Associations page, click Add.
- On the Add Association dialog, specify or Browse... to
select the following information, and click OK:
- Registry: ISERIESA.MYCO.COM
- User: JOHND
- Association type: Target
- Click OK to close the Add Association dialog.
- Click OK to close the Properties dialog.
Now that you have created an identifier and added the appropriate
associations to the identifier, you need to test that the mappings between
associated user identities works correctly.