search cancel

How to mandate users to set up security questions

book

Article ID: 42210

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

Introduction/Summary:

Some customers need to enforce their users have their security questions set up. How can you make sure this be done?

  

Background:

Without SiteMinder in the mix , it will be quite difficult for Identity Manager on its own to enforce that. Even if you make the Questions and Answers fields mandatory on the task that sets them up (i.e: Modify My Profile , for example) then you still need to direct the user to that page until they are provided. Identity Manager has no real way to make this redirection.

 

Environment:

Any Identity Manager version.

Any application server.

SiteMinder integration.

 

 

Instructions:

1. Have your Identity Manager integrated with SiteMinder.

2. Designate a certain attribute in your corporate store that will flag these users that do or don't have the questions and answers set up. You need to know which users to redirect and which are already set up and do not need this redirect.

 

3. Since SiteMinder protects the logins to Identity Manager and authenticates the users then you can build a SiteMinder active response object that acts upon users successful authentication. In your response you can query the designated attribute and call the direct IDM task page if the user needs the redirect. If the user does not need the redirect then simply don't do anything and the login process will resume normally. The redirect itself would be something like: http://<myBaseIDM_URL.com>/iam/im/<MyIME_Alias>/ui7/index.jsp?task.tag=<TaskTagOfSettingQuestions>

 

 

Additional Information:

 

None. 

Environment

Release: CAIDMB99000-12.6.7-Identity Manager-B to B
Component: