IBM® Security Privileged Identity Manager limitations can affect how the virtual appliance behaves or processes
information that is received from IBM Security Identity Manager and IBM Security Access Manager for Enterprise Single Sign-On. In the
same way, IBM Security Identity Manager and IBM Security Access Manager for Enterprise Single Sign-On limitations can affect how the IBM Security Privileged Identity Manager virtual appliance
capabilities work.
- IBM Security Privileged Identity Manager virtual appliance limitations
- Reconfiguration options for the middleware are not available.
- An external repository (for example, Active Directory)
cannot be configured with IBM Security Privileged Identity Manager virtual appliance
server components (IBM Security Identity Manager and IBM Security Access Manager for Enterprise Single Sign-On).
- Non-English
characters are not supported in the Comment fields of the following virtual appliance panels:
- Snapshot
- Firmware Settings
- Support Files
- The
following file name display issues occur in several languages when
a snapshot with a long file name is uploaded in the virtual appliance:
- The text in the Comment field is truncated.
- The file name gets truncated in the Snapshot table.
- IBM Security Privileged Identity Manager limitations
- Data Tier and Reporting components
The Data Tier and Reporting
components must be installed separately or outside the virtual appliance.
- External repository (for example, Active Directory) cannot be
configured with IBM Security Privileged Identity Manager virtual appliance server components.
- IBM Cognos® reporting
components are outside of the IBM Security Privileged Identity Manager virtual appliance.
- Supports only DB2® and Tivoli® Directory Server as the IBM Security Privileged Identity Manager data store
on the external data tier.
- Scalability
Only a single instance of the IBM Security Privileged Identity Manager virtual appliance
can be active at any time.
- High Availability
IBM Security Privileged Identity Manager relies on
external High Availability mechanism to monitor and fail-over on the
single instance of IBM Security Privileged Identity Manager virtual appliance.
- Limited IBM Security Identity Manager and IBM Security Access Manager for Enterprise Single Sign-On functions are supported.
Customization is limited since
there is no direct access to low-level IBM Security Identity Manager and IBM Security Access Manager for Enterprise Single Sign-On configuration
files.
- Changing the IBM Security Privileged Identity Manager user logon
ID on the IBM Security Privileged Identity Manager console and AccessAgent is
not supported.
- Only one network adapter can be used.
- IBM Security Access Manager for Enterprise Single Sign-On limitations
- AccessAgent sign up
Sign-up is not allowed from
Access Agent. Users are signed up through IBM Security Identity Manager.
- AccessAssistant/WebWorkplace
This component is
not required for IBM Security Privileged Identity Manager.
- Self-Service Sign-Up through IBM Security Access Manager for Enterprise Single Sign-On AccessAgent
This feature is not supported because users are to be on-boarded
through IBM Security Identity Manager.
- Self-Service Password Reset
IBM Security Privileged Identity Manager virtual appliance
users must use the equivalent feature in IBM Security Identity Manager instead.
- Change ISAM ESSO password
Users must use the equivalent
feature in the IBM Security Identity Manager Self-Service
UI instead.
- Biometric and smart card second factor support
with IBM Security Access Manager for Enterprise Single Sign-On Agent are not available in the virtual appliance.
- RFID 2FA for AccessAgent is
not supported.
- Only the default User Policy Template is supported.
User Policy Templates that are based on arbitrary directory attributes
are not supported.
- Third-party Provisioning System to provision or
manage IBM Security Access Manager for Enterprise Single Sign-On accounts or Wallets
This component is not required in the virtual
appliance because the IBM Security Access Manager for Enterprise Single Sign-On accounts
are provisioned through IBM Security Identity Manager.
- IBM Security Access Manager for Enterprise Single Sign-On mobile
This feature is not used with IBM Security Privileged Identity Manager.
- Mobile Active Code, One Time Password, or RADIUS
are not supported
- AccessAgent Private
and Shared Desktop modes are not supported.
- IMS Configuration wizard and CLTs are not supported.
- IBM Security Identity Manager limitations
- Custom workflow extension configuration is not supported.
- Uploading of custom Java archive files, which implements IBM Security Identity Manager custom
extensions, is not supported. For example, workflow.
- Custom adapters are not supported.
- IBM Security Identity Manager mobile
is not supported.