Symantec IGA

  • 1.  How can I change the password of the Store Administrator of IDentity Minder? What about the procedure of changing the password of etadmin and SiteMinder admin?

    Posted Jun 27, 2016 10:20 AM

    I am trying to change the Store Admin user password that I've used when installing Identity Minder.  Can I do it from Web Interface?



  • 2.  Re: How can I change the password of the Store Administrator of IDentity Minder? What about the procedure of changing the password of etadmin and SiteMinder admin?

    Posted Jun 27, 2016 03:54 PM

    You can change your Admin password on CA Directory through JXplorer. Login to your User Store and from there you can reset the password.

     

    This is not recommended as there are many dependencies that rely on this password. Is this a fresh install of identity manager?

     

    Thanks,

    Andrew Nguyen



  • 3.  Re: How can I change the password of the Store Administrator of IDentity Minder? What about the procedure of changing the password of etadmin and SiteMinder admin?

    Posted Jun 27, 2016 04:33 PM

    Thank you Andrew for the answer.  It is necessary to change these passwords. It is not a fresh install.  Although we migrate environment during an upgrade a few months ago.  Can you give me more details on how I can do it through JXplorer?  After that I need to update passwords in the IM Corporate Directory xml and in Dir Prov xml files?



  • 4.  Re: How can I change the password of the Store Administrator of IDentity Minder? What about the procedure of changing the password of etadmin and SiteMinder admin?

    Posted Jun 27, 2016 05:04 PM

    Hello Xenia,

     

    Let me look further into this to ensure all the dependencies are covered.

     

    Thanks,

    Andrew Nguyen



  • 5.  Re: How can I change the password of the Store Administrator of IDentity Minder? What about the procedure of changing the password of etadmin and SiteMinder admin?

    Broadcom Employee
    Posted Jun 29, 2016 01:31 PM

    Hi.

     

    About the Site Minder admin:

    You need to ensure your SM administrator has full administrative rights. Then you shall use Site Minder itself to change his password, then log back into SM from their WAM UI and confirm the new password is working. Then, to effect that in Identity Manager you shall: Stop all your app servers that use this siteminder administrator in their ra.xml, use the Password Tool to encrypt the new password of that administrator and paste it back to the ra.xml in all app servers, then start them back up and confirm the connection is made in IDM startup step 2.

     

    About the IDM store admin:

    I guess you refer to the LDAP administrator account of the corp user store as specified in the directory xml. If this is what you are asking for then you shall use an LDAP Browser to change that password and log into that directory server with the new password to confirm it's correct. Then, you shall export the dir xml and encrypt the new password (using IDM password tool) and update that dir xml back using the /iam/immanage.

     

     

    About the etaadmin:

    I don't know, hopefully someone else will answer that.

     

     

    Thanks,

    Sagi



  • 6.  Re: How can I change the password of the Store Administrator of IDentity Minder? What about the procedure of changing the password of etadmin and SiteMinder admin?

    Posted Jun 29, 2016 01:57 PM

    For the IM User Directory you would want to export the XML, use the pwdtools script to generate a new encrypted password, update the XML, and import the XML back in before you update the password in the actual userstore (i.e. LDAP store or DB store). If you were to update the actual userstore first then you would not be able to export/import via the IM Management Console.



  • 7.  Re: How can I change the password of the Store Administrator of IDentity Minder? What about the procedure of changing the password of etadmin and SiteMinder admin?

    Broadcom Employee
    Posted Jul 04, 2016 03:06 PM

    Handled via Support case 00443676 Changing passwords



  • 8.  Re: How can I change the password of the Store Administrator of IDentity Minder? What about the procedure of changing the password of etadmin and SiteMinder admin?

    Posted Jul 08, 2016 03:08 PM

    Hi XTapaki,

     

    You may wish to look at this deck.

    Changing Identity Management Services Accounts' Passwords; After the 1st Install & Ad-Hoc (to meet audit compliance)

     

    I run in to this request often, when customer are required to rotate their services accounts.

     

    Let me know if you find it of value.

     

    Cheers,

     

    A.