CA IdentityMinder is a great application for managing identities and assigning roles and tasks. All of these identities end up residing on some form of LDAP or a relational database with very specific schemas and “well known” attribute assignments. One of the most used well known attributes is “admin roles”. It is supposed to be
The CA SiteMinder Web Agent stores user session and resource information in cache memory. This technique improves the Web Agent efficiency because it does not have to retrieve information from the Policy Server each time a user requests access. Web Agents store contextual information pertaining to user access privileges in a session cache. By tuning the cache
Tips & Tricks: CA Access Control Debugging Anytime you suspect you have problems with Access Control Enterprise Manager or one of its endpoints, before calling support for help, we have compiled a few tips to help accelerate the support process. Of course it is always prudent to have your server types and AC versions available
The CA RCM documentation is not very clear about how Reverse Association works and provides no guidelines on how to work with Virtual attributes, how they are mapped or controlled in Provisioning Manager. Group membership provisioning from the account or user side can be accomplished in CA RCM Connector Express using Virtual attributes . ***NOTE:
Over the course of the last few years I have seen configurations of CA Identity Manager for High Availability without using Application Server clustering. This is no longer an accepted practice. My understanding is that CA will be publishing an official technical note to debunk the old practice. As such I’d recommend the following Over
On a recent project our team was charging full steam ahead with creating a custom JNDI connector with Connector Xpress to use an existing LDAP as an authoritative source for CA IdM. We encountered a few complexities using Explore Correlate as an all in one synchronization tool that I ‘d like to share. Simple Answer:
Whenever a task is created in CA Identity Manager, there is automatically a Query, Search, ObjectProfileTab, SearchResult and other pseudo tasks created in the WSDL, if the task is Web Services Enabled. If you study the web services samples that come with the CA IdM product and see all of the searches, etc… you know
Unfortunately the check-box, when checked as true, does not work in CA IdM R12.5 🙁 Fortunately, we located a workaround! ***NOTE: As with all Tips and Tricks we provide on the IDMWorks blog, use the following AT YOUR OWN RISK. We do not guarantee this will work in your environment and make no warranties*** Unfortunately
What is the CA Identity Manager Bulk Loader and what is it good for? The Bulk Loader is used to make changes to a large number of objects simultaneously. Being a newbie to IDMWORKS, and not used to writing blog entries, I decided to gain inspiration by browsing some of the older posts to see
I thought I’d talk about the two Access Manager products I am familiar with. This is not a “who’s the better product” thread, they both are excellent products. If someone asked me to pick one, I would hem and haw until they forgot they asked. As far as the user experience goes, I don’t think