Checking out a credential or credential pool

Use this procedure to use privileges not associated with your normal account.

Before you begin

Depending on how your system administrator customized your system, you might not have access to this task. To get access to this task, or to have someone complete this task for you, contact your system administrator.

About this task

Credentials to obtain shared access are used by multiple users based on roles. They enable users to temporarily access needed applications. The checkout process places an exclusive lock on the credential. No other user can use the same credential concurrently.

Procedure

  1. Log in to the self-service console.
  2. On the Home page, click Check out Credential.

    The Check out Credential page is displayed. It lists the credentials that you are authorized to access.

    • If you see the credential you want to access, continue to step 3.
    • If you do not see the credential you want, you can search for additional credentials:
    1. In the Search for Credential section of the page, click Search. The Search for Shared Credential page is displayed.
    2. Enter the name of the credential or credential pool that you want to access, or specify additional search criteria. Click Search.

      You can filter based on Service Type, Account Type, or Organizational Unit. You can specify that the search includes credentials for which you do not have authorization. See the online help for more details on the filters.

      Optionally, you can click Browse to search for organizational units. If you click Browse, the Search for Organizational Unit page is displayed. Specify search filters and click Search.

      The search returns a Search Results table that contains a list of credentials.

  3. Click the credential that you want to check out.
    • If the Checkout Information page is displayed, you are authorized to access the credential. Continue with step 4.
    • If the Select Role page is displayed, you are not authorized to access the credential. You must request a role to access the credential or credential pool. Complete the following steps:
    1. Select a role that has access authority for the selected shared credential or credential pool.

      The table lists the roles that have access authority. You must obtain membership in one of the roles in order to check out the credential or credential pool.

    2. The Request Role panel is displayed. Review the list of shared access entitlements for the role that you selected, and click Submit.
    3. A new page describes the request you submitted. Select one of the action links at the bottom of the page:
      • Click View My Requests to look at the status of your request.

        You must wait until your request is completed in order to continue with the check out of the credential or credential pool.

      • Click Check Out Credential to check out another credential.
      • Click the IBM Security Identity Manger Home link to return to the home page for the self service console.
    4. Return to step 2.
  4. Review the fields on the Checkout Information page and then complete the check out.

    By default, this page contains only the Credential checkout expiration time field and the Justification field, but your administrator might have added additional fields.

    1. The Credential checkout expiration time field displays the date and time when your access to the credential expires. The administrator specifies the default maximum allowed lifetime for each checked-out credential. You can modify the expiration time to shorten the lifetime of the checked-out credential; however, you cannot extend the lifetime.
    2. In the Justification field, explain the reason you need access to the credential. By default, this field is optional.
    3. Click Check out. The Checkout Confirmation page is displayed.

What to do next

Use the user ID and password that you checked out to log on to the application that you want to use.