CA Strong Authentication Administration Guide › Managing Organizations › Creating and Activating Organizations › Create Organizations in CA AuthMinder Repository

Create Organizations in CA AuthMinder Repository

Follow these steps:

1. Click the Organizations tab.
2. Under the Manage Organizations section, click the Create Organization link to display the Create Organization page.
3. Enter the details of the organization.

   Organization Information:

   Organization Name

   Enter the unique ID for the organization that you want to create.

   Note: You specify this value to log in to this organization, not the Display Name of the organization.

   Display Name

   Enter a unique descriptive name for the organization.

   Note: This name appears on all other Administration Console pages and reports.

   Description

   Provide a description for the administrators who will manage this organization.

   Note: You can provide additional details for later reference for the organization by using this field.

   Administrator Authentication Mechanism

   Select the mechanism that will be used to authenticate administrators belonging to this organization.

   Administration Console supports the following three types of authentication mechanisms:

   Basic User Password

   This is the built-in authentication mechanism that is provided by Administration Console. If you select this option, then administrators log in to the Console by specifying their ID and password.

   WebFort Password

   This is the WebFort password authentication method. If you select this option, then the administrator credentials are issued and authenticated by CA AuthMinder Server.

   To use this mechanism, the Administration Console must be connected to CA AuthMinder Server. You can set the connection details in the WebFort Connectivity page, see "Configuring CA AuthMinder Connectivity" for more information.

   Key Label Configuration

   CA AuthMinder enables you to use hardware- or software-based encryption of your sensitive data. You can choose the encryption mode by using the arcotcommon.ini configuration file. For more information, see the appendix, "Configuration Files and Options" in the CA Strong Authentication Installation Guide.

   Irrespective of hardware or software encryption, all Arcot products use the Global Key Label or the organization-specific key label for encrypting user and organization data.

   If you are using hardware encryption, then this label serves only as a reference (or pointer) to the actual 3DES key stored in the HSM device, and therefore must match the HSM key label. However, in the case of software-based encryption, this label acts as the key.

   Use Global Key

   This option is selected by default. Deselect this option if you want to override the Global Key Label you specified in the bootstrap process and specify a new label for software-based encryption or hardware-based encryption.

   Key Label

   If you deselected the Use Global Key option, then specify the new key label that you want to use for the organization.

   Storage Type

   Indicates whether the encryption key is stored in the database (Software) or the HSM (Hardware).

   Localization Configuration:

   Use Global Configuration

   Select this option to use the localization parameters that are configured at the global level.

   Date Time Format

   If you deselected the Use Global Configuration option, then specify the Date Time format that you want to use.

   Preferred Locale

   If you deselected the Use Global Configuration option, then select a preferred locale.

   User Data Location:

   Repository Type

   Select Arcot Database. By specifying this option, the user and administrator details for the new organization will be stored in the RDBMS repository supported by CA AuthMinder.

   Custom Attributes

   Use this section to provide additional information specific to the organization you are creating.

   Name

   Name of the custom attribute.

   Value

   Value of the custom attribute.

4. Click Next.

   The Select Attribute(s) for Encryption page appears.

5. In the Attribute(s) for Encryption section, perform one of the following steps:
   • Select Use Global Configuration if you want to use the global settings for your attribute encryption set configuration.
   • Select the attributes that you want to encrypt from the Available Attributes for Encryption list and add them to the Attributes Selected for Encryption list.

     Click the > button to move selected attributes to the desired list. You can also click the >> button to move all attributes to the required lists.

     Note: Hold the Ctrl key to select more than one attribute at a time.

6. Click Next.

   The Add Administrators page appears.

   Note: This page is not displayed, if all the administrators currently present in the system have scope to manage all organizations.

   From the Available Administrators list, select the administrators who will manage the organization and click the > button to add the administrator to the Managing Administrators list.

   The Available Administrators list displays all the administrators who can manage the new organization.

   Note: If some administrators have scope to manage all organizations in the system, then the corresponding entries for those administrators do not appear in this list.

   The Managing Administrators list displays the administrators that you have selected to manage this organization.

7. Click the Next to proceed.

   The Configure Account Type page appears only if the logged-in administrator has account types to manage. If the logged-in administrator does not have any account types to manage, then the Configure Email/Telephone Type page appears.

   1. In the Assign Account Types section, select account types from the Available list and click the > button to move them to the Selected list.

      The Configure Account Custom Attributes page appears.

   2. Specify one or more attributes for the account.
8. Click Next to proceed.

   The Configure Email/Telephone Type page appears.

9. Specify the mandatory and optional email address and telephone number types the user must provide.
10. Click Skip to use the email and telephone types that are configured at the system level and move to the Activate Organization page, or click Save to save your changes.
11. In the Activate Organization page, click Enable to activate the new organization.

    A message appears.

12. Click OK to complete the process.

    Note: Even if you do not choose to activate the organization, the organization is created in Initial state. You can activate the organization later. For instructions, see Activating Organizations in Initial State.

13. Refresh all deployed CA AuthMinder Server instances. See Refresh a Server Instance for instructions about how to perform this procedure.

    Note: If you have configured the attribute encryption set, account types, and email and telephone types while creating the organization, ensure that you refresh both the system configuration and organization cache. If you do not refresh the organization-level cache, the system gets into an unrecoverable state.