CA Strong Authentication Windows Installation Guide › Deploy CA Strong Authentication on a Single System › Post-Installation Tasks › How to Bootstrap the System › Perform the Bootstrapping Tasks

Perform the Bootstrapping Tasks

When you first log in to CA Advanced Authentication as the Master Administrator (MA), the Summary screen for the Bootstrap wizard screen appears.

To bootstrap the system using the wizard:

1. Click Begin.

   The Change Password screen appears.

2. Specify the Old Password, New Password, Confirm Password, and click Next.

   The Configure Global Key Label screen appears.

3. Specify the Global Key Label, and click Next.

   CA Strong Authentication enables you to use hardware- or software-based encryption for your sensitive data. Irrespective of hardware or software encryption, the Global Key Label is used for encrypting user and organization data.

   If you are using hardware encryption, then this label serves only as a reference (or pointer) to the actual 3DES key stored in the HSM device, and therefore the key label must match the HSM key label. However, in the case of software-based encryption, this label acts as the reference to the actual software key in the database.

   Important! After you complete the bootstrapping process, you can not update this key label.

   The Storage Type field indicates whether the encryption key is stored in the database (Software) or the HSM (Hardware).

   The Configure Default Organization screen appears.

4. Under the Default Organization Configuration section, specify the following parameters for the Default Organization:
   • Display Name: The descriptive name of the organization. This name appears on all other CA Advanced Authentication pages and reports.
   • Administrator Authentication Mechanism: The mechanism that is used to authenticate administrators belonging to the Default Organization. CA Advanced Authentication supports three types of authentication methods for the administrators to log in:
     • Basic

       If you choose this option, then the inbuilt authentication method provided by CA Advanced Authentication is used for authenticating the administrators.

     • LDAP User Password

       If you choose this option, then the administrators are authenticated using their credentials that are stored in the directory service.

     Note: If this mechanism is used for authenticating administrators, then you must deploy UDS, as discussed in the "Deploying User Data Service" section.

     • CA Strong Authentication User Password

       If you select the CA Strong Authentication User Password option here, then the credentials are issued and authenticated by the CA Strong Authentication Server.

     Book: Refer to CA CA Strong Authentication Administration Guide for more information on how to do this.

5. Under the Key Label Configuration section of the Configure Default Organization screen, specify the following:
   • Use Global Key: This option is selected by default. Deselect this option if you want to override the Global Key Label you specified in the preceding step and specify a new encryption label.
   • Key Label: If you deselected the Use Global Key option, then specify the new key label that you want to use for the Default Organization.
   • Storage Type: This field indicates whether the encryption key is stored in the database (Software) or the HSM (Hardware).
6. Click Finish to complete the bootstrapping process.

   CA Advanced Authentication initialization is completed, as indicated in the Finish screen.

7. Click Continue to proceed with other configurations using CA Advanced Authentication.