Tivoli Access Manager integration prerequisites

The following prerequisites must be met to integrate IBM® Unica Marketing with IBM Tivoli Access Manager.

The Tivoli Access Manager WebSEAL junction must be configured to pass the user name (Short, not Full DN) as the HTTP variable in the URL request to the IBM® Unica Marketing application, and the IBM® Unica Marketing Web access control header variable property must be set to the name of this user name variable (by default, iv-user).

The Tivoli Access Manager policy server must be configured to use LDAP as its repository for storing group members and user attributes.

The IBM® Unica Marketing application URLs defined by a WebSEAL junction and the Java application server hosting the IBM® Unica Marketing application must refer to the same path.

All users who need to access IBM® Unica Marketing applications must belong to a group added to an Access Control List (ACL) with appropriate permissions. A WebSEAL junction that points to an application server where Marketing Platform is deployed must be attached to this ACL.

When users log out of an IBM® Unica Marketing application, they are not automatically logged out of Tivoli Access Manager. They must close their browser after they log out of an IBM® Unica Marketing application to log out of Tivoli Access Manager.

Enabling the IBM® Unica® Scheduler

If you plan to use the IBM® Unica® Scheduler, you must configure an Access Control List (ACL) policy in Tivoli as follows.

1.	Use Web Portal Manager to log in to the domain as a domain administrator.

2.	Click ACL > Create ACL, complete the Name and Description fields, and click Apply.

3.	Click ACL > List ACL, and from the Manage ACLs page, click the link for your ACL policy.

4.	From the ACL Properties page, click Create, and create two entries for your ACL, as follows.

For the first entry, set the entry type to unauthenticated and grant Trx - Traverse, read, and execute permissions.

For the second entry, set the entry type to Any-other and grant Trx - Traverse, read and execute permissions.

5.	On the ACL Properties page of the ACL, on the Attach tab, attach a protected object. Use the complete Scheduler servlet path in Tivoli, starting from WebSEAL and ending in /servlet/SchedulerAPIServlet.

Configuring settings for IBM® Unica® Optimize

If you plan to schedule IBM® Unica® Optimize sessions, you must configure an Access Control List (ACL) policy in Tivoli as follows.

1.	Use Web Portal Manager to log in to the domain as a domain administrator.

2.	Click ACL > Create ACL, complete the Name and Description fields, and click Apply.

3.	Click ACL > List ACL, and from the Manage ACLs page, click the link for your ACL policy.

4.	From the ACL Properties page, click Create, and create two entries for your ACL, as follows.

For the first entry, set the entry type to unauthenticated and grant Trx - Traverse, read, and execute permissions.

For the second entry, set the entry type to Any-other and grant Trx - Traverse, read, and execute permissions.

5.	On the ACL Properties page of the ACL, on the Attach tab, attach the following as protected objects.

/Campaign/optimize/ext_runOptimizeSession.do

/Campaign/optimize/ext_optimizeSessionProgress.do

/Campaign/optimize/ext_doLogout.do