The following users are involved in synchronizing One Identity Manager with IBM Notes.
User | Permissions |
---|---|
One Identity Manager Service user account |
The user account for One Identity Manager Service requires permissions to carry out operations at file level, for example, assigning permissions and creating and editing directories and files.
- The user account must belong to the Domain users group.
- The user account must have the Login as a service extended user permissions.
- The user account requires access permissions to the internal web service.
NOTE: If One Identity Manager Service runs under the network service (NT Authority\NetworkService), you can issue access permissions for the internal web service with the following command line call:
`netsh http add urlacl url=http://<IP address>:<port number>/ user="NT AUTHORITY\NETWORKSERVICE"`
- The user account needs full access to the One Identity Manager Service installation directory in order to automatically update One Identity Manager. In the default installation, One Identity Manager is installed under:
|
User for accessing the target system (synchronization user) | The user who accesses the system requires sufficient administrative permissions to the Domino Directory (names.nsf). The minimum requirements are:
"Editor" is also required for the following databases:
|
User for accessing the One Identity Manager database |
The Synchronization default system user is provided to execute synchronization with an application server. |