IBM: Test 000-020: IBM Tivoli Access Manager for Enterprise Single Sign-On V8.0.1 Implementation

Professional Certification
About the program
About the member site
Certifications
	By product
	Test information
	Updates and revisions
Policy
Process
News
Contact

Related links
	Member site sign in
	Mastery tests
	Training
	Linux certification
	Business Partner Training and certification
	IBM Press
	CEIS

Professional certification

Certifications

Test information

	Test 000-020: IBM Tivoli Access Manager for Enterprise Single Sign-On V8.0.1 Implementation

Overview

Objectives

Test Preparation

Section 1: Planning

Given access to the customer, their hardware, applications, and policies, collect and analyze the customers� requirements so that a solution document is created.

Arrange a kick-off meeting with stakeholders.
Interview the appropriate personnel.
Review the security infrastructure of the customer.
Identify and understand the customer's single sign-on requirements.

Determine key objectives for Enterprise Single Sign-On project.
Collect the list of applications to be included in project.
Analyze the customer's environment.

Identify the auditing requirements.
Create a solution document.

Given the topology of the client network (number of PCs, subnets, etc), the number of users, and the network link capacity, measure the network performance and analyze IBM Tivoli Access Manager for Enterprise Single Sign-On�s impact on the environment so that an estimate of the maximum network bandwidth consumed is available.

Identify the most active period of time when users tend to log into IBM Tivoli Access Manager for Enterprise Single Sign-On.
Estimate the number of users involved.
Estimate the size of their wallets by taking into account the number of accounts stored, number of profiles, etc.
Estimate the average number of automatic fill of credentials that are done over the same period.
Identify the synchronization interval.
Use this information and generate an estimate of the maximum network bandwidth consumed.

Given the customer's environment, explain the solution architecture so that a solution document with minimum hardware and software requirements for the solution is created.

Arrange a meeting with customers.
Explain the functionality of the IMS Server.
Explain the type of information stored and managed by the DB and where it has to be running.
Explain the use of LDAP.
Explain the purpose of Load Balancer.
Explain several administration tools that an administrator can use for different purposes (AccessAdmin, AccessAssistant, and AccessStudio).
Explain where the AccessAgent has to be installed and the purpose.
Explain the minimum hardware and software requirements for each component including supported clients.
Explain any consideration regarding network requirements for supported clients and supported servers.
Explain supported Web Browsers.
Explain supported Thin Clients.
Create a document with minimum hardware and software requirements for the solution.

Given access to the customer applications, collect and analyze the customer application requirements so that Application Profile checklist/document is created.

Arrange a kick-off meeting with stakeholders.
Get a representative desktop and application list.
Review the customer applications in scope.
Identify and understand customer's specific application requirements.

Determine which applications are web, Windows, mainframe, Java, and others.
Determine which application password change workflow is required.
Determine password policies for each application.
Determine if any applications share credentials (i.e. common LDAP).
Identify any potentially �challenging� applications.
Identify mechanisms and personnel for password resets/expiry.

Obtain or create credentials on the applications for testing purposes.
Create an Application Profile checklist/document.

Given access to the customer�s test hardware, applications, test credentials, and IBM Tivoli Access Manager for Enterprise Single Sign-On installers, collate the data so that the components of the staging environment is determined and documented.

Acquire test server, test workstations, and IBM Tivoli Access Manager for Enterprise Single Sign-On software.
Reach an agreement with the customer to use recommended staging environment.
Identify test applications that should be installed on the test workstations.
Identify test user accounts.

Verify which accounts to use for IBM Tivoli Access Manager for Enterprise Single Sign-On administrator account.
Verify which accounts to use for IBM Tivoli Access Manager for Enterprise Single Sign-On lookup account.
Verify which accounts to use for IBM Tivoli Access Manager for Enterprise Single Sign-On user accounts.
Verify which accounts to use for application profile creation/testing.

Determine hostname/URL to be used for staging IMS Server.
Identify the DB to be used and obtain valid DB credentials.
Identify the directory server to be used and obtain valid credentials.
Create a staging environment document.

Given access to the customer�s Single Sign-On Project Manager, their hardware, network administrator, and an estimate of the maximum network bandwidth consumed, determine High Availability and load balancing environment requirements so that a High Availability design document is created.

Arrange a meeting with Single Sign-On Project Manager, Enterprise n/w Administrator, and Infrastructure personnel.
Collect information on existing network bandwidth and usage statistics and load infrastructure existing in the customer environment.
Collect information needed to estimate hardware sizing for HA.

Collect peak hour traffic estimates for one-time password (OTP) login and AA logins/second.
Determine peak installation and user sign-up rates.
Collect IMS database utilization and clustering requirements.
Collect Load Balancing architecture requirements.

Share the collected information with Tech Line.
Size hardware requirements for HA.
Architect High Availability solution for IBM Tivoli Access Manager for Enterprise Single Sign-On components.
Create a High Availability Design document.

Given access to the AA installer, the domain controller, client machine, and a network share accessible to all clients, create an AA Installation Group Policy Object of Active Directory (GPO) and deploy it to the client machines.

Review the Active Directory infrastructure.
Copy the AA installer to some network share which is accessible to all clients.
Create a new GPO or identify an existing GPO to setup for AA Installation.
Configure changes to the GPO.
Add the client machine into the scope of this GPO.
Restart the client machine.

Given the business requirement document, determine a windows session management strategy so that a deployment recommendation for session management in the customer environment is created.

Review the security infrastructure of the customer.
Identify and understand customer's session management requirements.

Determine key objectives for shared/roaming and personal workstation.
Collect the usage of fast user switching in the environment.
Collect the usage of kiosk environment.
Collect the second factor information.

Create the windows session management strategy document.

Given the authentication mechanisms, second factor options, and access to customer�s authentication requirement, determine a strong authentication strategy so that a strong authentication strategy is documented.

Analyze customer�s authentication requirements.
Identify the areas of authentication setup.

Analyze any second factor authentication policy requirements.
Analyze the Mobile ActiveCode requirement.
Analyze any OTP requirement.

Identify the second factor(s) to use: passive Radio Frequency Identification (RFID), Active RFID, Fingerprint, and USB SmartCard.
Validate appropriate reader, if applicable.

Identify the readers that are compatible with the hardware.
Check the readers that are compatible with the operating systems supported by IBM Tivoli Access Manager for Enterprise Single Sign-On.
Eliminate the list further by comparing the readers with the ones supported by IBM Tivoli Access Manager for Enterprise Single Sign-On.

Document the strong authentication strategy.

Given customers� requirements, determine need and identify resources for any integration with IBM Tivoli Access Manager for Enterprise Single Sign-On API, so as to define an integration strategy (if needed).

Determine whether any customers� requirements need integration with IBM Tivoli Access Manager for Enterprise Single Sign-On API.
Identify the IBM Tivoli Access Manager for Enterprise Single Sign-On API that can meet the requirement (e.g. IBM Tivoli Access Manager for Enterprise Single Sign-On Provisioning API).
Define strategy and provide implementer (possibly self) information/documentation needed to implement the integration.

Given the prerequisites for databases, prepare the database so that the database is ready for IMS Server installation.

Identify customer database requirements.
Prepare the Database for the IMS Server installation.
Verify the network connection between the IMS Server and the Database Server if those are in different workstation or servers.
Obtain relevant access to create the DB instance to be used by IMS Server. .
Determine the path of the Database (where it is installed). .
Synchronize the system clocks if IMS database and IMS Server would be running on different machines.

Given requirements for upgrade, analyze the existing ESSO environment so that an appropriate upgrade strategy is created.

Determine upgrade steps.
Identify existing infrastructure affected by upgrade steps.
Identify necessary stakeholders in upgrade.
Create update strategy document containing above information with a notification plan.

Section 2: Implement

Given access to the customer applications and test credentials, utilize the AccessStudio wizard so that working AccessProfiles are created for the customer's applications.

Verify access to necessary applications.
Verify valid credentials for all applications.
Validate workflows required for each application (for example, change password, login, logout, and session timeout).
Verify if there is an existing profile.
Create AccessProfile using Assistant (wizard).
Test AccessProfile.

Given access to the customer applications and test credentials, utilize the AccessStudio advanced profiling so that working AccessProfiles are created for the customer's applications.

Verify access to necessary applications.
Verify valid credentials for all applications.
Validate workflows required for each application (for example, change password, login, logout, and session timeout).
Verify there is not an existing profile.
Create AccessProfile using Advanced profiling.
Test AccessProfile.

Given a functional IMS Server, set up the IMS Server and implement Web Workplace on the IMS Server so that a functional Web workplace is available.

Identify required Web workplace behavior and applications to be enabled.
Create Web AccessProfiles for identified web applications.
Set Web Workplace-related policies.
Embed Web Workplace links into customer Portal or VPN.

Section 3: Deployment

Given the IBM Tivoli Access Manager for Enterprise Single Sign-On Server installer, set up the server component so that the IMS Server is installed successfully.

Verify the operating system prerequisite and free disk space.
Install and configure the Database and configure the enterprise directory.
Verify the IMS prerequisites.
Run the installer of the Server.
Configure the hostname details and database instance details during the installation.
Verify that the IMS Server is installed on the system.

Given a test workstation, customers� requirement, and an existing IMS Server, install IBM Tivoli Access Manager for Enterprise Single Sign-On AccessAgent so that IBM Tivoli Access Manager for Enterprise Single Sign-On AccessAgent is installed on workstation with correct configurations.

Ensure that the machine to be installed on will get the correct machine policy template as defined in template assignments on AccessAdmin.
Ensure that an AccessAgent installer package is available and has been customized for the deployment. (Possible customizations include banner graphic, registry edits, ini file options, and editing the installer msi to point to the location of configuration files).
Ensure that second factor hardware is connected, if needed.
Ensure that drivers for second factor hardware are installed, if needed.
On the workstation, run the msi to install IBM Tivoli Access Manager for Enterprise Single Sign-On AccessAgent. A restart is needed on completion. This step can be done manually or thru any software deployment tool.

Given the IBM Tivoli Access Manager for Enterprise Single Sign-On Studio installer, set up the AccessStudio component so that AccessStudio is installed on the customer system.

Verify the operating system prerequisite and free disk space.
Install the AccessStudio.
Verify that the AccessStudio is installed on the system.

Section 4: Configuration

Given the requirements for IBM Tivoli Access Manager for Enterprise Single Sign-On IMS Server integration with a provisioning system, implement the Provisioning Bridge so that the user provisioning workflows are implemented successfully.

Identify the minimum requirements for both of the provisioning system and IMS Server that can integrate with the IMS.
Create an IMS Bridge account at IMS for use by the Provisioning Bridge.
Configure a key store for the IMS Provisioning Bridge on the provisioning server.
Configure the IMS Provisioning Bridge (to point to right key-store and IMS, etc).
If the provisioning system does not provide out-of-the-box integration with IMS

If the system is based on J2EE or supports Java interfaces, integrate with the IMS Bridge Java APIs.
If the system is capable of making command line calls, integrate with the IMS Bridge command line interfaces (tools) into the system.
If the system is capable of making SOAP calls, integrate with the IMS SOAP interfaces.

If the provisioning system provides out-of-the-box integration with IMS, configure it accordingly.
Test the system for successful integration with the Provisioning Bridge.

Given the IBM Tivoli Access Manager for Enterprise Single Sign-On Solution, implement the provisioning agent so that the provisioning agent is implemented on the customer environment.

Set up a new IMS Bridge using the IMS Configuration Utility.
Configure the correct certificates.
Configure the IBM Tivoli Access Manager for Enterprise Single Sign-On provisioning agent.
Test and install the provisioning agent.
Verify that the provisioning agent is implemented on the system.

Given an enterprise directory, implement the directory integration with IBM Tivoli Access Manager for Enterprise Single Sign-On so that IBM Tivoli Access Manager for Enterprise Single Sign-On is successfully integrated with enterprise directory structure.

Identify the appropriate directory connector.
Configure the enterprise directory using IMS Configuration Utility.
For Microsoft Active Directory (AD) deployments, enable "AD password sync" where appropriate.
Test the enterprise directory.

Given a VPN solution, a remote browser, a second factor authenticator, access the configuration pages and configure so that a user can use the remote access solution with VPN.

Configure the IMS using the Configuration Utility.

Open the IMS Configuration Utility webpage.
Configure Mobile ActiveCode (MAC)/one-time password (OTP) Settings.
Configure Message Connector settings.
Enable MAC/OTP for SSL VPN.
Configure Remote Authentication Dial-In User Service (RADIUS) interface.

Configure integration with the SSL VPN Appliance as indicated in IBM Tivoli Access Manager for Enterprise Single Sign-On Remote Access Integration Guide.

Given an understanding of the customers� requirements, customize user policies so that the user policy templates are designed, and subsequently configured on the IMS Server.

Create the User Policy templates based on customers� requirements.
Identify the default user policy template.
Determine the user directory attribute to be used for assignment.
Configure the assignment attribute in the IMS Configuration Utility.
Implement the policies in AccessAdmin.
Customize individual user policies if needed.

Given access to the Solution Document and customers� IBM Tivoli Access Manager for Enterprise Single Sign-On Environment, configure workstation usage workflows so that the desired workstation usage workflows are created.

Configure Personal Workstation Usage Workflow.

Set up IAM Enterprise in a Personal Workstation.
Implement Personal Workstation lock, unlock, logon, and logoff scripts, if needed.

Configure Usage workflows for shared desktop.

Determine Usage workflows for shared desktop.
Implement shared desktop lock, unlock, logon, and logoff scripts, if needed.

Configure Usage workflows for private desktop.

Determine Usage workflows for private desktop.
Implement private desktop lock, unlock, logon, and logoff scripts, if needed.

Configure Usage workflows for roaming desktop.

Determine Usage workflows for roaming desktop.
Implement roaming desktop for Citrix/TS environment.

Given access to the Solution Document and customer�s IBM Tivoli Access Manager for Enterprise Single Sign-On Environment, define the machine policy templates and assignments so that the desired Machine Template Policy with assignments is created.

Create new Machine Policy Templates based on customers� requirements.

Configure Authentication Policy.
Configure Wallet Policy.
Configure Signup policy.
Configure Shared Workstation Policy and AccessAgent Policy.
Create the rules for assignment.

Select one of the new Machine Policy Template as the default policy to be used.
Change the template assignment of existing machines if reassignment is required.

Given a functional IMS Server and client requirements for the thin client, deploy the corresponding thin client solution so that the thin client is working.

Determine the type of remote server (Terminal server or Citrix).
Install AccessAgent on the remote server and ensure it is configured as a shared

Set the server�s AccessAgent policies.
Enable port redirection and mapping if using Radio-Frequency Identification (RFID).
Test out the configuration.

Given access to Citrix server and customer�s requirement on Citrix, integrate AccessAgent with Citrix so that automation is enabled for published applications.

Analyze the user policy on the Citrix server.
Create Citrix machine policy template with the network provider policy set to enabled.
Assign the Citrix server to the Citrix machine policy template.
Install AccessAgent on Citrix server.
Verify that the AccessAgent icon is visible on the local machine system tray when user logs into Citrix published application.
Test the published application for Single Sign-on (or other automation) on Citrix.

Given access to customer�s audit requirement, configure and generate the audit logs so that the Audit log report is created.

Define custom audit logs to be generated by the agents, if necessary.
Configure the audit log events listed on the server interface.
Select the search criteria for audit logs.
Define the specific duration for which the audit logs are required and generate the report.
Use published log database schema to generate reports using an external reporting tool, if necessary.
Print the Audit log report.

Given the customer's housekeeping requirements, configure the functionality on IBM Tivoli Access Manager for Enterprise Single Sign-On IMS so that the server installation is automatically maintained in a desired state in the future.

Determine frequency of housekeeping.
Determine the items to be included in housekeeping, including log pruning, database backup, and server configuration backup.
Use IMS Configurator tool to set up housekeeping tasks in accordance with customers� requirements.
Alternatively use customer-defined housekeeping tasks.

Given the customers� requirements, determine the process to customize IBM Tivoli Access Manager for Enterprise Single Sign-On so that the requirements are met and the system can be implemented successfully.

Configure the IBM Tivoli Access Manager for Enterprise Single Sign-On IMS Server.

After installation, modify the IMS configuration settings to address requirements such as enterprise directories to be integrated, AccessAdmin user interface customizations, housekeeping, etc.
Restart the service and run through the Setup Assistant on AccessAdmin to configure the default user policy template, machine policy templates and assignments, and system policies.
Review the system policies, machine policy templates (and assignments), and user policy templates (and assignments). Create new ones if needed.
Review and create the required saved Audit searches.

Customize the IBM Tivoli Access Manager for Enterprise Single Sign-On AccessAgent Package.

Review and make changes to the package based on Graphical Identification and Authentication, Logon Banner, IMS Server fully qualified domain name (FQDN), and requirements in the INI file.
Review and make changes to default registry settings in the deployment options registry file.
Add in any files or scripts to be distributed with the installer in the Config folder.
Review and make changes to the MSI installer file based on software distribution mechanism.
Install any third-party components required for second factor support prior to AccessAgent install.

Customize the IBM Tivoli Access Manager for Enterprise Single Sign-On AccessProfiles.

Review the application screens and Single Sign-On workflow requirements for each application and profile them accordingly.

Test the customizations and obtain the customer�s sign off.

Given a running IMS Server, run the IMS Configuration Utility so that the IMS Server is configured.

Open IMS Configuration Utility.
Use the IMS Configuration Utility.

Set up new enterprise directories.
Provide IMS administrator.
Set up housekeeping.
Set up advance settings, etc.

Save changes and stop the IMS Server.
Restart the IMS Server.

Given the requirements for an application�s authentication to be augmented using IBM Tivoli Access Manager for Enterprise Single Sign-On OTP functionality, implement a solution so that the OTP authentication using third-party token requirements is addressed.

Configure the IMS Server to enable OTP (time-based and/or Open AuTHentication (OATH)) for the authentication service to be strengthened.
Install OTP token support on the IMS.
Configure RADIUS authentication for the application (server) whose authentication service is to be strengthened.
Enable users sign up (registration) through AccessAdmin.
Set the ActiveCode enabled bindings for each token user.
Set the requisite User and System policy settings.
For OATH based OTP tokens, set the OATH look-ahead number and token reset window.
Configure the bypass option for OTP authentication.
Test the solution to ensure it to meet the customers� requirements.

Given the requirements for an application�s authentication to be augmented using IBM Tivoli Access Manager for Enterprise Single Sign-On MAC functionality, implement a solution so that the MAC authentication requirements are addressed.

Configure MAC settings on the IMS Server.
Configure an existing message connector on the IMS Server for the selected MAC delivery channel. (Or develop a new message connector)
Configure the IMS Server�s RADIUS Authentication interface if the application supports RADIUS authentication.

Configure the Application�s Authentication Server to perform RADIUS authentication with the IMS�s RADIUS server.
Configure the Application�s Server to direct the client to display the MAC challenge screen on first authentication step success.
Customize the Application�s client user interface to show appropriate messaging on the MAC challenge screen.

For non-RADIUS authentication supporting applications

Customize the application logon interface to include a request for MAC or provide a separate MAC request page.
Develop a SOAP Client with the ability to make authentication calls and MAC request calls to the IMS.

Configure a bypass option for MAC Authentication.
Test the solution to ensure it to meet the customers� requirements.

Given end user availability, functional AccessAgent, and IMS components, utilize AccessAgent or AccessAssistant sign-up functionality so that users are successfully signed up with IBM Tivoli Access Manager for Enterprise Single Sign-On.

Ensure user has second factor available if applicable (RFID badge etc).
Sign up using:

The AccessAgent sign up process
AccessAssistant
External provisioning system

Given access to the Solution Document, customer�s IBM Tivoli Access Manager for Enterprise Single Sign-On Environment, and system policies, define the self-service functionality so that the self-service functionality is defined.

Define Secret Question list for End users to sign up during first time login based on customers� requirements.
Enable Self Service functionality and set the corresponding policies required to authorize.

Enable self-service password reset.
Enable self-service second factor registration.
Enable self-service for authorization code generation.

Test and deploy the self-service functionality.
Include the self-service definitions in the user policy templates.

Given a functional IMS Server, configure user access to AccessAssistant so that AccessAssistant is working.

Set AccessAssistant-related system policies.
Configure AccessAssistant-related policies in user policy templates.
Configure AccessAssistant-related policies for specific users.
Test access for users.

Given the organization security policy, configure the IMS system policy so that IMS system policy is configured successfully.

Review the default system policy settings.
Modify the default system policy settings according to customers� requirements through AccessAdmin.
Wait for the Sync period for the application of this system Polices.
Verify that the IMS Server Policy is configured successfully.

Given access to customer environment and business requirement, set policy priorities so that the policy priority is implemented.

Analyze customer�s policy requirements.
Determine the scope of the policy (such as Machine, User, System policy).
Modify the policy priorities and execute the command-line tool.

Given the customers� requirements regarding application screens and workflows (Application Design Document), modify an existing profile so that each application can be profiled successfully to meet the requirements.

Determine the modifications required in order to make the existing profile work accordingly.
Determine details like Account Data Template, Authentication Service (and groups), to be used in the profile.
Complete the Application Design Template based on the options determined.
Test out the profile.

Given IMS Server installation, define the IMS Server administrator and set up the roles for administrators, helpdesk, and end user so that the users have been assigned roles.

Provision the IMS Server administrator user.
Log on to the AccessAdmin as the Administrator.
Search for users.
Choose a user to change his role.
Open administrative policies.
Change the role user and updated.
Enable the automatic role assignment for large deployments if it is necessary.

Run the IMS Configuration utility.
Specify the AD attribute for automatic role assignment.
Restart the IMS Server.

Assign Helpdesk through user policy templates.

Given multiple configured databases and an installed IMS Server Solution, configure additional datasource so that an additional datasource is configured in the IMS Server.

Map the input of datasource with appropriate databases information (IMS, Log or external).
Configure the external attributes in the datasource.
Update the configuration and restart the IMS Service.
Verify that the configuration of the datasource is complete.

Section 5: Administration

Given AccessStudio, administrative privileges on the IMS Server, access to applications and notification when applications are modified, the AccessProfiles should be reviewed and updated so that they are always up to date and working correctly.

Evaluate applications which are to be updated or changed to validate if the AccessProfile remains functional.
Modify AccessProfile so that it is able to work with old version as well as the new version.
Test in a staging environment.
Deploy to production IMS Server once new profile is working correctly.

Given access to the Solution Document, the customer�s IBM Tivoli Access Manager for Enterprise Single Sign-On environment, and Disaster Recovery (DR) site, determine and establish a DR regime so that an effective failover to DR environment is achieved in the event of a failure in the production environment.

Determine failover and recovery criteria for IBM Tivoli Access Manager for Enterprise Single Sign-On components.
Determine backup and restore strategy for IMS database.
Set up DR environment in a separate site or location.
Test DR environment for failover situations.

Given the IMS Server, manage audit logs and reports through the IMS Server so that audit logs and reports can be viewed by the Administrator.

Search the audit logs based on the query.
Save the Query for the audit Logs.
Search the Reports on the IMS Server based on user information, token, User information, and Helpdesk activity.
Manage the Reports based on the page size.

Given that a new server host is prepared, the IMS database is on a separate host and the DNS and load balancer config is changed to accommodate new DNS name, move the IMS to another server host machine so that IMS is successfully migrated to a different server machine.

Back up entire IMS folder from original server and copy to new server.
If DNS name is changed, re-generate IMS SSL cert using the new DNS name, and import to IMS's keystore on new server.
Set up IMS to run as a Windows service on the new server.
Start up IMS (within the IMS cluster environment, if applicable) and test.
If there are multiple IMS Servers, repeat above steps.

Given database access, migrate the IMS database to a different database server so that the IMS is operational with a new database server.

Stop all IMS Servers.
Move IMS database from one database instance/server to another.
Create database account (with required privileges) for IMS to use and test access to the database using this account.
Reconfigure IMS configuration file on IMS to point to the new database server and to use the new DB account credentials.
Restart IMS and test.
If there are multiple IMS Servers, repeat the configuration change on each server (or copy over ims.xml), and restart.

Section 6: Performance Tuning and Problem Determination

Given existing IBM Tivoli Access Manager for Enterprise Single Sign-On installation, identify and implement measures for improving performance so that the server and client components perform at optimal levels.

Identify and address opportunities for Improving Server performance, for example, configure Java memory parameters on the IMS web server or configure the LDAP lookup timeout on a directory connector.
Identify and address opportunities for Improving Agent performance, for example, performance may be tuned by removing unnecessary ApplicationProflies, lowering the log level, and excluding AccessAgent installation folder from certain runtime scans, adjust the synch interval between client and server, adjust communication timeouts, etc.
Identify and address opportunities for improving database performance, for example, log pruning, changing memory allocated to database, and create indexes.

Given an issue with the IBM Tivoli Access Manager for Enterprise Single Sign-On IMS Server functionality, troubleshoot the server utilizing tools provided so that the issue can be identified.

Identify that the problem at hand is an IMS Server issue, and obtain the result-code provided in the IMS error logs (or on the Status page in AccessAdmin).
Identify the cause of the specific error code in the diagnostics pages.
If the result-code is related to integrate with the enterprise directory, utilize the enterprise directory troubleshooting capability provided by the diagnostics pages.
Identify the issue.

Given IBM Tivoli Access Manager for Enterprise Single Sign-On installation with lost connectivity to the IMS Server, troubleshoot IMS connectivity issues so that the connectivity problem can be identified.

Determine if the client machine is on the network. .
Determine if certificates between the IMS and the Agent are set up correctly.
Determine if an intervening firewall between the client machine and IMS Server.
Determine if any network configuration issue, such as DNS problems.
Determine if an intervening application protector between the client machine and IMS Server.
Determine if some personal firewall or anti-spyware is blocking traffic from winlogon.exe.
Determine if the registry settings are corrupted or configured incorrectly, if AccessAgent is pointing to the wrong IMS Server.
Check to see if the IMS Server is up and running (ping test, visual inspection, etc).
Check to ensure the IMS Service is running (services.msc).
Try to �Set IMS Server Location� from a client workstation.
Identify the connectivity issue.

Given IBM Tivoli Access Manager for Enterprise Single Sign-On operation issues with users, computers or servers, recover from common user/computer situations so that the issue is resolved.

Understand common issues affecting:

Users, for example, user forgets password, user forgets key.
Computers, for example, the user tries to log on to AccessAgent and unlock the computer but it is unsuccessful.
Servers, for example, IMS Server has crashed database has crashed.

Start the appropriate recovery workflow.
Resolve the issue.

Test registration

Authorized Prometric test centers (worldwide testing)