ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

How do I use scope admin to modify auth scheme on a realm?

book

Article ID: 237884

calendar_today

Updated On:

Products

SITEMINDER CA Single Sign On Federation (SiteMinder)

Issue/Introduction

There is an existing two factor auth scheme on a realm.

In case of emergency, one would like to switch back to basic or fcc form auth scheme.

The admin who conducts this change prefers not to be a SiteMinder super user.

Environment

Release : 12.8

Component :

Resolution

  • Create a non super user account which has login access to admin UI.
  • Assign this user account "Domain Administration" and "Policy Administration", under Modify Administrator-->Rights.
  • Create a new workspace, while searching object type as "Domain", so only specific domains are chosen for this workspace.
  • Under administrators again, assign the newly created workspace to this non super user account.
  • Submit the change and logout.
  • Now login with non super user account, the user should only see allowed domains and be able to modify the realm/auth scheme settings.

Additional Information

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/policy-server-configuration/administrators/create-a-scoped-administrator.html