How to mandate users to set up security questions


Article ID: 36536


Products

CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Risk Analytics, CA Secure Cloud SaaS - Arcot A-OK (WebFort), CLOUDMINDER ADVANCED AUTHENTICATION, CA Secure Cloud SaaS - Advanced Authentication, CA Secure Cloud SaaS - Identity Management, CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

Issue:

Some customers need to ensure that their users have set up their security questions. How can this be enforced?

Without SiteMinder in the mix, it is quite difficult for Identity Manager to enforce this on its own. Even if you make the Questions and Answers fields mandatory on the task that sets them up (for example, Modify My Profile), you still need to direct the user to that page until the answers are provided. Identity Manager has no real way to perform this redirection. However, CA Single Sign On/SiteMinder has this ability.

Resolution:

1. Integrate Identity Manager with CA Single Sign On/SiteMinder.

2. Designate an attribute in your corporate store that flags whether each user has the questions and answers set up. You need to know which users to redirect and which are already set up and do not need the redirect.

3. Because CA Single Sign On/SiteMinder protects the logins to Identity Manager and authenticates the users, you can build a CA Single Sign On/SiteMinder active response object that acts upon a user's successful authentication. In the response, query the designated attribute and call the IDM task page directly if the user needs the redirect. If the user does not need the redirect, do nothing and the login process resumes normally. The redirect itself would be something like: http://<myBaseIDM_URL.com>/iam/im/<MyIME_Alias>/ui7/index.jsp?task.tag=<TaskTagOfSettingQuestions>
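The decision made in step 3, sketched as an added example; this is not CA code and does not use the SiteMinder active response API, it only shows the logic such a response would carry. The attribute name securityQuestionsSet, its accepted values, the host idm.example.com, the environment alias and the task tag are all assumptions made for illustration.

```python
from typing import Mapping, Optional
from urllib.parse import quote, urlencode

# Assumed names (not from the article): the flag attribute and the values
# that mean "questions and answers are already set up".
FLAG_ATTRIBUTE = "securityQuestionsSet"
DONE_VALUES = {"true", "yes", "1"}


def needs_enrollment(user_attrs: Mapping[str, str]) -> bool:
    """True unless the flag attribute explicitly says the questions are set.

    A missing, empty or unrecognised value counts as "not set up", so a gap
    in the directory sends the user to the task instead of past it.
    """
    value = user_attrs.get(FLAG_ATTRIBUTE) or ""
    return value.strip().lower() not in DONE_VALUES


def enrollment_redirect(user_attrs: Mapping[str, str], base_url: str,
                        env_alias: str, task_tag: str) -> Optional[str]:
    """Return the task URL for users who must enroll, or None to let the
    login continue normally."""
    if not needs_enrollment(user_attrs):
        return None
    # Encode the path segment and the query value so configuration typos
    # cannot change the shape of the URL.
    path = f"/iam/im/{quote(env_alias, safe='')}/ui7/index.jsp"
    query = urlencode({"task.tag": task_tag})
    return f"{base_url.rstrip('/')}{path}?{query}"


if __name__ == "__main__":
    # Constructed sample users; none of these values come from the article.
    users = {
        "alice": {"securityQuestionsSet": "TRUE"},
        "bob": {"securityQuestionsSet": "false"},
        "carol": {},  # attribute never populated
    }
    for name, attrs in users.items():
        target = enrollment_redirect(
            attrs, "http://idm.example.com", "myenv", "SetQuestions")
        print(name, "->", target or "no redirect")
```

The task that saves the questions and answers also has to update the flag attribute, otherwise the user is redirected again at every login.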

Environment

Release: CAIDMB99000-12.6.7-Identity Manager-B to B