Create identifier associations for Sharon Jones

You must create the appropriate associations between the EIM identifier, Sharon Jones, and the user identities that the person represented by the identifier uses. These associations, when properly configured, enable the user to participate in a single signon environment.

In this scenario, you need to create one source association and two target associations for the Sharon Jones identifier:
  • A source association for the sjones Kerberos principal, which is the user identity that Sharon Jones, the person, uses to log in to Windows® and the network. The source association allows the Kerberos principal to be mapped to another user identity as defined in a corresponding target association.
  • A target association for the SHARONJ i5/OS™ user profile, which is the user identity that Sharon Jones, the person, uses to log in to iSeries™ Navigator and other i5/OS applications on iSeries A. The target association specifies that a mapping lookup operation can map to this user identity from another one as defined in a source association for the same identifier.
  • A target association for the JONESSH i5/OS user profile, which is the user identity that Sharon Jones, the person, uses to log in to iSeries Navigator and other i5/OS applications on iSeries B. The target association specifies that a mapping lookup operation can map to this user identity from another one as defined in a source association for the same identifier.

Use the information from your planning work sheets to create the associations:

To create the source association for Sharon Jones' Kerberos principal, follow these steps:
  1. On iSeries A, expand Network > Enterprise Identity Mapping > Domain Management > MyCoEimDomain > Identifiers.
  2. Right-click Sharon Jones and select Properties.
  3. On the Associations page, click Add.
  4. On the Add Association dialog, specify or Browse... to select the following information, and click OK.
    • Registry: MYCO.COM
    • User: sjones
    • Association type: Source
  5. Click OK to close the Add Associations dialog.

To create a target association to Sharon Jones' i5/OS user profile on iSeries A, follow these steps:

  1. On the Associations page, click Add.
  2. On the Add Association dialog, specify or Browse... to select the following information, and click OK:
    • Registry: ISERIESA.MYCO.COM
    • User: SHARONJ
    • Association type: Target
  3. Click OK to close the Add Associations dialog.

    To create a target association to Sharon Jones' i5/OS user profile on iSeries B, follow these steps:

  4. On the Associations page, click Add.
  5. On the Add Association dialog, specify or Browse... to select the following information, and click OK:
    • Registry: ISERIESB.MYCO.COM
    • User: JONESSH
    • Association type: Target
  6. Click OK to close the Add Associations dialog.
  7. Click OK to close the Properties dialog.

Now that you have created the identifier associations that map Sharon Jones' user identities to her EIM identifier, you can create the default registry policy associations that map all of your Kerberos registry users to a specific user profile in each of the iSeries user registries.

Parent topic: Scenario: Enable single signon for i5/OS
Previous topic: Create identifier associations for John Day
Next topic: Create default registry policy associations