The admin user you create while installing Administration Console has all rights to Access Manager components. We recommend that you secure this account through the following configuration:
Password Restrictions: When the admin user is created, no password restrictions are set. To ensure that the password meets your minimum security requirements, configure the standard eDirectory password restrictions for this account. In Administration Console, select the Roles and Tasks view in the iManager header, then click Users. Browse to the admin user (found in the novell container), then click Restrictions.
The password is not case-sensitive by default. To make your password case-sensitive, see Section 2.4.1, Enforcing Case-Sensitive Universal Password For Access Manager.
Intruder Detection: The admin user is created in the novell container. You should set up an intruder detection policy for this container. In Administration Console, select the Roles and Tasks view in the iManager header, then click Directory Administration > Modify Object. Select novell, then click OK. Click Intruder Detection.
Backup Admin User Creation: Only one admin user is created when you install Access Manager. If you forget the username or password, you cannot access Administration Console. It is recommended that you create a backup user who has the required privileges of an admin user. For more information, see Managing Administrators in the NetIQ Access Manager CE 24.2 (v5.1) Administration Guide.
Delegated Administrators: If you create delegated administrators for policy containers, be aware that they have sufficient rights to implement a cross-site scripting attack using the Deny Message in an Access Gateway Authorization policy.
They are also granted rights to the LDAP server, which gives them sufficient rights to access the configuration datastore with an LDAP browser. Modifications done with an LDAP browser are not logged by Access Manager.
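As a check on the Password Restrictions and Intruder Detection items above, the following added example (not from the NetIQ documentation) audits an LDIF export of the admin user and the novell container. The attribute names are the eDirectory LDAP names for these settings and should be confirmed against your schema; the DNs, the 12-character minimum and the sample LDIF are assumptions constructed for illustration.

```python
MIN_LENGTH = 12  # assumed policy minimum; set to your own requirement

# Constructed sample export (not real data): weak admin, partly configured container.
SAMPLE_LDIF = """\
dn: cn=admin,o=novell
objectClass: inetOrgPerson
passwordRequired: FALSE

dn: o=novell
objectClass: organization
detectIntruder: TRUE
loginIntruderLimit: 5
lockoutAfterDetection: FALSE
"""

def parse_ldif(text):
    """Parse simple LDIF (no folded lines, no base64) into {dn: {attr: first value}}."""
    entries, current = {}, None
    for line in text.splitlines():
        if line.startswith("#"):
            continue
        if not line.strip():
            current = None          # a blank line ends the current entry
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            current = entries.setdefault(value.lower().replace(" ", ""), {})
        elif current is not None:
            current.setdefault(name, value)
    return entries

def is_true(entry, attr):
    return entry.get(attr, "").upper() == "TRUE"

def audit(text, admin_dn="cn=admin,o=novell", container_dn="o=novell"):
    """Return a list of findings; a missing attribute counts as not configured."""
    entries = parse_ldif(text)
    admin, box = entries.get(admin_dn, {}), entries.get(container_dn, {})
    findings = []
    if not is_true(admin, "passwordrequired"):
        findings.append("admin: password not required")
    if int(admin.get("passwordminimumlength", "0")) < MIN_LENGTH:
        findings.append("admin: minimum password length below %d" % MIN_LENGTH)
    if not is_true(box, "detectintruder"):
        findings.append("novell: intruder detection disabled")
    if not is_true(box, "lockoutafterdetection"):
        findings.append("novell: no lockout after detection")
    return findings
```

Calling `audit(SAMPLE_LDIF)` on the constructed export reports three findings; an export in which the restrictions and the intruder detection policy are set returns an empty list.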