Configuring the Alternate Scenario

Create the personalized DomainAdmin as described in the chapter "Creating a Personalized DomainAdmin".

Store the smart card certificate in this personalized DomainAdmin as described in the section "Store the Smart Card Certificate in the Personalized DomainAdmin".

In the Provisioning → Users view, create a mirror of the personalized DomainAdmin object you just created - for example, MyMirrorAdmin - to hold the encrypted password (dxmPassword attribute). This user object only needs to hold the encrypted password; no group assignments are necessary.

Change to the Data View and then edit the userpassword field of your mirror personalized DomainAdmin user object to set the password.

In the Provisioning → Users view, link the personalized DomainAdmin user object to the mirror personalized DomainAdmin user object using the Mirrored User field in the SASL external bind section of the Authentication tab of the personalized DomainAdmin user.

Change to Data View → Connectivity.

Create the mirrored user for the personalized DomainAdmin - for example, Mirrored MyDomainAdmin - with the same password as the mirror personalized DomainAdmin you previously created in the Provisioning view (for example, MyMirrorAdmin). See step 7 in the chapter "Creating a Personalized DomainAdmin".

In Data View → Connectivity, add the mirrored user for the personalized domainAdmin - for example, Mirrored MyDomainAdmin - to the DirXmetahub read and write groups as described in "Add the Personalized DomainAdmin to DirXmetahub Read and Write Groups".

Ensure that the DirX Identity Manager runtime uses the Java 11 JRE (64 bit) as described in "Configure Java 11 JRE (64-bit)".

Set up the login profile for Provisioning as described in "Set up the Login Profiles".

Set up SASL authentication to the request workflow service as described in "Set up Request Workflow Service SASL Authentication".

In DirX Identity Manager’s Data View → Connectivity:

Create a personalized DomainAdmin for smart card login to the Connectivity side - for example, MyMetahubAdmin - and then store the smart card certificate in the userCertificate attribute for this use. This user must have the inetOrgPerson object class, because this object class contains the userCertificate attribute. To create this user, right-click in the cn=Users tree and then select New → Internet Organizational Person.

Add this personalized DomainAdmin to the DirXmetahub read and write groups as described in "Add the Personalized DomainAdmin to DirXmetahub Read and Write Groups".

Ensure that the DirX Identity Manager runtime uses Java 11 JRE (64-bit) as described in the section "Configure Java 11 JRE (64-bit)".

Set up the login profile for Connectivity as described in "Set up the Login Profiles".

Create the new personalized DomainAdmin as described in the chapter "Creating a Personalized DomainAdmin".

Store the smart card certificate in this new personalized DomainAdmin as described in the section "Store the Smart Card Certificate in the Personalized DomainAdmin".

In the Provisioning → Users view, create a mirror personalized DomainAdmin user object for the new personalized DomainAdmin to hold the encrypted password.

Change to the Data View and then set this password (edit the mirrored user object’s userpassword attribute).

In the new personalized DomainAdmin, use the Mirrored User field (Provisioning → Users → new personalized DomainAdmin → Authentication tab → SASL external bind section) to link the mirror personalized DomainAdmin to the new personalized DomainAdmin.

Change to Data View → Connectivity. In this view, create another mirrored user for the personalized DomainAdmin with the same password as the mirror personalized DomainAdmin you created in the Provisioning view and then add it to the DirXmetahub read and write groups (See step 7 in the chapter "Creating a Personalized DomainAdmin").

Set up the login profile for Provisioning as described in the section "Set up the Login Profiles".