IBM Security Access Manager V9.0 Deployment — Question 12

The customer currently maintains all its users in Active Directory. As part of its new IBM Security Access Manager (ISAM) V9.0 deployment, the customer understands it will have to implement the ISAM "Global Sign-on (GSO)" to archive SSO with certain backend applications which do their own authentication and cannot be modified.
Which federated repositories configuration will address the customer requirements?

Answer options

• A. Use an external ISDS LDAP as the ISAM primary LDAP, federate with the AD and import all AD users into the ISAM TDS.
• B. Configure the AD as the ISAM Primary LDAP, which will create the necessary secauthority= default suffix. Import all users into the ISAM AD.
• C. Use the ISAM embedded LDAP as the Primary LDAP, federate with the AD and configure "basic user", and specify "basic-user-principal-attribute= samAccountName"
• D. Use an external ISDS LDAP as the Primary LDAP, federate with the AD, configure "basic user", specify "basic-user-principal-attribute= samAccountName" and "basic-user-suffix= secauthority=default".

Correct answer: C

Explanation

Option C is correct because it specifies using the ISAM embedded LDAP as the primary and correctly federates with Active Directory while setting the necessary attributes for basic user configuration. The other options do not meet the requirement of using the embedded LDAP or misconfigure the user attributes necessary for seamless integration with the backend applications.