Creating identifier associations for John Day

You must create the appropriate associations between the EIM identifier, John Day, and the user identities that the person represented by the identifier uses. These identifier associations, when properly configured, enable the user to participate in a single signon environment.

In this scenario, you need to create one source association and two target associations for the John Day identifier:

A source association for the jday Kerberos principal, which is the user identity that John Day, the person, uses to log in to Windows^® and the network. The source association allows the Kerberos principal to be mapped to another user identity as defined in a corresponding target association.
A target association for the JOHND System i™ user profile, which is the user identity that John Day, the person, uses to log in to System i model and to other System i applications on System A. The target association specifies that a mapping lookup operation can map to this user identity from another one as defined in a source association for the same identifier.
A target association for the DAYJO System i user profile, which is the user identity that John Day, the person, uses to log in to iSeries™ Navigator and other System i applications on System B. The target association specifies that a mapping lookup operation can map to this user identity from another one as defined in a source association for the same identifier.

Use the information from your planning work sheets to create the associations.

To create the source association for John Day's Kerberos principal, follow these steps:

On System A, expand Network > Enterprise Identity Mapping > Domain Management > MyCoEimDomain > Identifiers.
Right-click John Day and select Properties.
On the Associations page, click Add.
In the Add Association dialog, specify or Browse... to select the following information, and click OK.
- Registry: MYCO.COM
- User: jday
- Association type: Source
Click OK to close the Add Associations dialog.

To create a target association for John Day's System i user profile on System A, follow these steps:

On the Associations page, click Add.
In the Add Association dialog, specify or Browse... to select the following information, and click OK:
- Registry: SYSTEMA.MYCO.COM
- User: JOHND
- Association type: Target
Click OK to close the Add Associations dialog.
To create a target association for John Day's System i user profile on System B, follow these steps:
On the Associations page, click Add.
In the Add Association dialog, specify or Browse... to select the following information, and click OK:
- Registry: SYSTEMB.MYCO.COM
- User: DAYJO
- Association type: Target
Click OK to close the Add Associations dialog.
Click OK to close the Properties dialog.

Now that you have created the identifier associations that map John Day's user identities to his EIM identifier, you can create similar associations for Sharon Jones.

Parent topic:

Scenario: Enabling single signon for i5/OS

Previous topic: Creating EIM identifiers for two administrators, John Day and Sharon Jones

Next topic: Creating identifier associations for Sharon Jones