Skip to main content

Tivoli Access Manager

Connector name

agttam

Connector type

Executable

Type (UI field value)

Tivoli Access Manager

Connector status / support

Customer-Verified

Clients may contact Bravura Security support for assistance with this connector. Troubleshooting and testing must be completed in the client's test environment as Bravura Security does not maintain internal test environments for the associated target system.

Bravura Security Fabric performs the following operations on an IBM Tivoli Access Manager (TAM) system using the agttam connector:

  • user verify password

  • administrator reset password

  • expire password

  • unexpire password

  • check password expiry

  • enable account

  • disable account

  • check account enabled

  • create account

  • delete account

  • update attributes

  • add user to group

  • delete user from group

  • create group

  • delete group

  • list account attributes

  • List:

    • attributes

    • groups

See also:

Bravura Security Fabric performs operations on an IBM Tivoli Access Manager for Enterprise Single Sign-On (TAM ESSO) system using the agttamsso connector.

Preparation

Before you can target TAM from Bravura Security Fabric you must:

  • Either install the Proxy Service (psproxy) on the TAM server, or install a TAM policy proxy on the Bravura Security Fabric server.

  • Create an administrator account such as sec_master in the TAM server’s iv-admin group; this is to perform domain tasks.

Targeting the Tivoli Access Manager server

For each TAM server, add a target system in Bravura Security Fabric (Manage the System > Resources > Target systems).

  • Type is Tivoli Access Manager .

  • Address uses the following options:

    Domain The created domain, the @local domain, or the @management domain

    ID Optional; specify one or more users.

    group Optional; specify one or more groups.

    The patterns for ID and Group match that of the psadmin command "user list" or "group list" respectively.

    The address is entered in the following syntax:

    domain=<domain>[/id=<pattern>]⋆[/group=<pattern>]*

The full list of target parameters is explained in Target System Options .

Handling account attributes

You can view the complete list of attributes that Bravura Security Fabric can manage, including native and pseudo-attributes, using the Manage the system (PSA) module. To do this, select Tivoli Access Manager from the Manage the system > Resources > Account attributes > Target system type menu.

For information about the native TAM attributes managed by Bravura Security Fabric , consult your TAM documentation.

Bravura Security Fabric explicitly handles the following attributes when creating or modifying recipient accounts for TAM targets:

_deleteFromRegistry determines if user and group deletions affect the registry that is backing TAM, such as LDAP or Microsoft Active Directory.

  • If true, then user and group deletions affect the registry that is backing TAM.

  • If false, then user and group deletions do not affect the registry that is backing TAM.

In this section: