The admin user you create while installing Administration Console has all rights to Access Manager Appliance components. We recommend that you secure this account through the following configuration:
Password Restrictions: When the admin user is created, no password restrictions are set. To ensure that the password meets your minimum security requirements, configure the standard eDirectory password restrictions for this account. In Administration Console, select the Roles and Tasks view in the iManager header, then click Users. Browse to the admin user (found in the novell container), then click Restrictions.
The password is not case-sensitive by default. To make your password case-sensitive, see Section 2.3.1, Enforcing Case-Sensitive Universal Password For Access Manager.
Intruder Detection: The admin user is created in the novell container. You should set up an intruder detection policy for this container. In Administration Console, select the Roles and Tasks view in the iManager header, then click Directory Administration > Modify Object. Select novell, then click OK. Click Intruder Detection.
Backup Admin User Creation: Only one admin user is created when you install Access Manager Appliance. If you forget the username or password, you cannot access Administration Console. It is recommended that you create a backup user who has the required privileges of an admin user. For more information, see Managing Administrators in the NetIQ Access Manager Appliance CE 24.2 (v5.1) Administration Guide.
Delegated Administrators: If you create delegated administrators for policy containers, be aware that they have sufficient rights to implement a cross-site scripting attack using the Deny Message in an Access Gateway Authorization policy.
They are also granted rights to the LDAP server, which gives them sufficient rights to access the configuration datastore with an LDAP browser. Modifications done with an LDAP browser are not logged by Access Manager.
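A read-only check of the password restriction and intruder detection recommendations above, as an added example that is not part of the NetIQ documentation. It audits an LDIF export of the admin user and the novell container; the DNs, the attribute names (eDirectory's default LDAP schema mapping) and the 12-character minimum are assumptions.

```python
import re

# Constructed sample export. The DNs and attribute names are assumptions
# (eDirectory's default LDAP schema mapping), not values taken from the page.
SAMPLE_LDIF = """\
dn: cn=admin,o=novell
objectClass: inetOrgPerson

dn: o=novell
objectClass: organization
detectIntruder: FALSE
"""

def parse_ldif(text):
    """Parse simple LDIF (no folded or base64 lines) into {dn: {attr: value}}."""
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            key, value = line.split(": ", 1)
            attrs.setdefault(key.lower(), value.strip())  # keep first value only
        if "dn" in attrs:
            entries[attrs.pop("dn").lower()] = attrs
    return entries

def audit(entries, user_dn="cn=admin,o=novell", container_dn="o=novell", min_len=12):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    is_true = lambda attrs, name: attrs.get(name.lower(), "FALSE").upper() == "TRUE"
    user = entries.get(user_dn, {})        # a missing entry fails every check
    box = entries.get(container_dn, {})
    if not is_true(user, "passwordRequired"):
        findings.append(f"{user_dn}: passwordRequired is not TRUE")
    if int(user.get("passwordminimumlength", 0)) < min_len:
        findings.append(f"{user_dn}: passwordMinimumLength below {min_len}")
    if not is_true(box, "detectIntruder"):
        findings.append(f"{container_dn}: detectIntruder is not TRUE")
    if int(box.get("loginintruderlimit", 0)) < 1:
        findings.append(f"{container_dn}: loginIntruderLimit not set")
    if not is_true(box, "lockoutAfterDetection"):
        findings.append(f"{container_dn}: lockoutAfterDetection is not TRUE")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_ldif(SAMPLE_LDIF)):
        print("FINDING", finding)
```
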
Making passwords case-sensitive adds to the security of the Access Manager login. For example, if you have a case-sensitive password aBc, login attempts with variants such as abc, Abc, or ABC fail.
Log into Administration Console.
Click <username> in the top right corner of the page.
Configuring iManager:
Click Configure Console.
Click iManager Server > Configure iManager.
Select Plug-in Download and select the Query Download site for new netiq Plug-in Modules (NPM).
Click Save.
Installing Plug-in:
Click Plug-in Installation > Available netiq Plug-in Modules.
Select netiq imanager Password Management.
Click Install.
Click I agree and click OK.
Restart Administration Console after the installation is complete.
Log into Administration Console.
Click <username> in the top right corner of the page.
Assigning a Policy to an Object:
Click Manage Roles & Tasks.
Select Passwords > Password Policies.
Click None in the Assignments column entry.
Browse to select an object.
Click Apply. novell now appears in the Assignments column.
NOTE: When you log into Administration Console for the first time after setting the password policy and specify a new case-sensitive password, that password becomes your new password.