Using the IDM Auto-Discover Feature, IDM Configuration Process Overview – HP Identity Driven Manager Software Series User Manual


Getting Started

Before You Begin

The IDM Client is included with the PCM+ software. To install a remote PCM/IDM
Client, download the PCM Client to a remote PC using the same process
as for installing the IDM Agent, but select the PCM Client option from the PCM
server. For details, see the ProCurve Manager Getting Started Guide.

Using the IDM Auto-Discover Feature

You can manually configure the RADIUS server, Realms, and Users in IDM, or
you can let IDM do the hard work for you. You have two options for
automatically discovering users: either enable Active Directory synchronization
to import users from Active Directory, or install the IDM Agent on the
system with the RADIUS Server and let it run to collect the information as
users log in to the network. Even after you begin creating configurations in
IDM, both options continue to collect information on users and Realms
(domains in Active Directory) and pass that information to the IDM server.

If you are using multiple RADIUS servers, you need to install an IDM Agent
on each of the servers. The IDM Agent collects information only on the system
where it is installed. The IDM Client can display information for all RADIUS
servers where the IDM Agent is installed.

When you start the IDM Client and expand the navigation tree in the IDM Home
tab, you will see any discovered or defined Realms found on the RADIUS
server, along with the IP Address for the RADIUS Server(s).

IDM Configuration Process Overview

To configure IDM to provide access control on your network, first let IDM run
long enough to "discover" the Realms, RADIUS servers, and users on your
network. Once IDM has performed these tasks for you, your configuration
process would be as follows:

1. If you intend to use them, define "locations" from which users will access
   the network. A location may relate to port-based VLANs, or to all ports
   on a device. (See page 3-7)

2. If you intend to use them, define "times" at which users are allowed or
   denied access. This can be by day, week or even hour. (See page 3-14)

3. Define any "network resources" (systems and applications) that you want
   to specifically allow or restrict users from accessing.

4. If you intend to restrict a user's access to specific systems, you need to set
   the User profile to include the MAC address for each system that the user
   is allowed to log in on. (See page 3-54)
