Can authentication manager have multiple domains?
Sorry, but your question is not clear. If you're referring to integrating multiple Active Directory "Domains", the answer is "yes". You can create multiple "Identity Sources" each of which map to an Active Directory "Domain".
You can also partition the server in a number of "Security Domains" and grant administrators rights only to their respective domains. There is a built-in, top-level "System Domain", but you are free to create sub-security domains as needed to model your business security and compartmentalization requirements. For example:
In this example, an administrator with a role in the "Finance" Security Domain can only see domain objects (i.e. users, tokens, agents) in that domain. An administrator can be granted multiple roles as needed to permit access to the domain objects contained therein. Roles can also be designed to allow administrators to delegate privileges to subordinates.
Security domains are also the component through which policies are associated with users, tokens and agents. In the example above, I have my server configured such that users in the "SystemPINDomain" get a system assigned PIN.
The proper use and configuration of "Security Domains" are a critical component in your Authentication Manager security model.
Retrieving data ...