Can a CA Strong Authentication Organization be Deleted and reused


Article ID: 131247


Updated On:

Products

CA Rapid App Security

CA Advanced Authentication

CA API Gateway

Issue/Introduction

By design, CA Strong Authentication does not allow an Organization, or a User within an Organization, to be completely deleted from the system. This is for audit and security reasons. In the current design a user is identified uniquely by the combination of Organization and Username. "Deleting" a User in an Organization, or the Organization itself, means that the Organization is no longer usable and its name cannot be reused. Note that the audit records for every Organization and User combination must be preserved for security and compliance. Removal of an Organization is therefore not supported by CA Strong Authentication.

This document provides steps to achieve such a deletion as an exception case, where company policy requires the approvals to bypass the design to be obtained and documented. This is not a Broadcom Engineering endorsed solution: any adoption of the procedure requires an adequate backup of the existing DB and testing of the deletion steps before they are applied.

Can a CA Strong Authentication Organization be deleted and reused?

Environment

CA Strong Authentication

CA Risk Authentication

Resolution

The design intentionally does not allow deletion of an Organization (Tenant) in a multi-tenant capable environment. The basic reason is security and compliance: an existing Organization/User combination must not be deleted, because the audit trail that references it must remain intact.

Additional Information

*** Use these instructions with caution, as they require management buy-in to bypass the CA Strong Authentication security design. Before adopting these steps to delete an Organization, test them thoroughly and take adequate backups. ***

Step 1: After "deleting" the Organization via the Admin UI, remove the deleted organization's rows from the following tables (if there are any):

[ARCMNKEY] 

[ARPFCMNORGCONFIGSTATE] 

[ARADMINPAFCONFIG] 

[ARUDSREPOSITORYUSER] 

[ARUDSORGREPOATTRIBUTES] 

[ARUDSORGANIZATION] 

[ARUDSLDAPREPOSITORYCONFIG] 

Step 2: Restart the web/application server hosting the Arcot Admin console web application, then restart the Webfort and Riskfort services.
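The cleanup in Step 1 is easy to get wrong in a live database, so the following added example (not part of the article or of the product) shows a guarded way to do it: count the organization's rows in each listed table first, run the deletes in a single transaction, and roll back unless a commit is explicitly requested. The column holding the organization name (ORGNAME) and the in-memory sample tables are assumptions for illustration; check the real schema and adapt the connection before use.

```python
import sqlite3

# Tables named in Step 1 of the article. The table list is fixed in code,
# so the identifiers interpolated into SQL below never come from user input.
ORG_TABLES = [
    "ARCMNKEY", "ARPFCMNORGCONFIGSTATE", "ARADMINPAFCONFIG",
    "ARUDSREPOSITORYUSER", "ARUDSORGREPOATTRIBUTES",
    "ARUDSORGANIZATION", "ARUDSLDAPREPOSITORYCONFIG",
]
ORG_COLUMN = "ORGNAME"  # ASSUMED column name; verify against the real schema


def count_org_rows(conn, org_name):
    """Pre-check: return {table: rows referencing org_name}, changing nothing."""
    counts = {}
    for table in ORG_TABLES:
        sql = f"SELECT COUNT(*) FROM {table} WHERE {ORG_COLUMN} = ?"
        counts[table] = conn.execute(sql, (org_name,)).fetchone()[0]
    return counts


def purge_org_rows(conn, org_name, commit=False):
    """Delete the org's rows from every listed table in one transaction.

    Default is a dry run: the deletes execute so the caller sees exactly
    how many rows each table would lose, then everything is rolled back.
    Any error also rolls back, so the tables are never left half-cleaned.
    """
    deleted = {}
    try:
        for table in ORG_TABLES:
            cur = conn.execute(
                f"DELETE FROM {table} WHERE {ORG_COLUMN} = ?", (org_name,))
            deleted[table] = cur.rowcount
        if commit:
            conn.commit()
        else:
            conn.rollback()
    except Exception:
        conn.rollback()
        raise
    return deleted


def build_sample_db():
    """Constructed in-memory stand-in for the real tables (sample data only)."""
    conn = sqlite3.connect(":memory:")
    for table in ORG_TABLES:
        conn.execute(f"CREATE TABLE {table} (ID INTEGER, {ORG_COLUMN} TEXT)")
        conn.execute(f"INSERT INTO {table} VALUES (1, 'OLDORG'), (2, 'KEEPORG')")
    conn.commit()
    return conn
```

Run purge_org_rows without commit first and compare its result with count_org_rows; only pass commit=True once the counts match what the backup and the approval record expect.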