Creating additional Identity Manager Management Console administrators using the IM_AUTH_USER table

Document ID : KB000009605
Last Modified Date : 14/02/2018
Show Technical Document Details

It may be necessary to add additional sets of login credentials to your management console for a variety of reasons. This doc walks through the steps needed to manually add these accounts. 


By default, the directory that is used for authorization is the AuthenticationDirectory, which is a bootstrap directory used exclusively for login credentials for the management console. This directory exists as part of your IM Objectstore. You can find this directory in your management console under Directories. 

2017-07-27 15_13_00-Management Console.jpg


Create your user in the database. Log into your IM Object store and locate the dbo.IM_AUTH_USER table, this table will likely only have one or a few entries in it. It should look like this: 

2017-07-27 12_07_13-najlu01-u162028 - Remote Desktop Connection.jpg


You can add a new row and fill in the required information, you'll need a username, password, disabled status and an ID. Set the disabled status to 0 and the ID to a unique number. The password can be put in as plain text but should be encrypted for security purposes. 


Generate the encrypted password with the password tool: 

The password tool is installed with the CA Identity Manager tools in the following location:

Windows: C:\Program Files\CA\Identity Manager\IAM Suite\Identity Manager\tools\PasswordTool

UNIX: /opt/CA/IdentityManager/IAM_Suite/Identity_Manager/tools/PasswordTool


Run the password tool using the following command:

pwdtools -JSAFE -p yourPassword

2017-07-27 15_09_19-najlu01-u162028 - Remote Desktop Connection.jpg

Copy this password and use it to create the new row. 

2017-07-27 15_21_26-najlu01-u162028 - Remote Desktop Connection.jpg


Now that the user exists, go to your management console and add them in the directory. 

2017-07-27 15_22_33-Management Console.jpg

Select Update Authentication, add the user and click save. 

2017-07-27 15_24_33-Management Console.jpg

Your new user should now appear under Management Console Administrators and can be used to log into the management console. 

2017-07-27 15_37_08-Management Console.jpg