Troubleshooting guide

1: Important RSA Authentication Manager 8.1 Changes 23
RSA Authentication Manager 6.1 to 8.1 Migration Guide
Changes to Sites
Security domains in version 8.1 are equivalent to sites in version 6.1. However,
security domains can be nested within one another or hierarchically. Additionally,
security domains are the only method available to scope administrators to grouped
objects. You cannot scope administrators to groups.
Security domains represent areas of administrative responsibility, typically business
units, departments, partners, and so on. Security domains establish ownership and
namespaces for objects (users, roles, permissions, and so on) within the deployment.
All Authentication Manager objects are managed by a security domain. Security
domains allow you to:
Organize and manage users
Enforce system policies
Delegate administration
You can limit an administrators managerial scope by limiting access to security
domains.
When you install a new deployment, a top-level security domain is automatically
created in the deployment.
By default, all users from an external LDAP identity source are added to the top-level
security domain. You can use the Security Console to move these users to a
lower-level security domain manually or you can configure domain mapping to add
these users to a specific security domain. Users created in the internal database using
the Security Console are created in the security domain to which the administrator has
access.
For example, you can create separate security domains for each department, such as
Finance, Research and Development (R&D), and Human Resources (HR), and then
move users and user groups from each department into the corresponding security
domain.
To manage users in a given security domain, an administrator must have permission to
manage that security domain. It is important to know:
Security domains are organized in a hierarchy within a deployment.
Security domains are often created to mirror the departmental structure or the
geographic locations of an organization.
Authentication Manager version 8.1 supports up to 1000 security domains. If you
plan to use more than the supported number, contact RSA Customer Support.