CA Risk Authentication Administration Guide › Getting Started › Configuring CA Risk Authentication Settings › Configuring Account Type

Configuring Account Type

All CA Risk Authentication users are identified in the system by a unique user name. CA Risk Authentication supports the concept of an account or account ID, which is an alternate ID to identify the user in addition to the user name. A user can have none or one or more accounts or account IDs.

For example, consider a banking institution that uses the ID from the Customer Information File (CIF), to identify the customer Robert Laurie. In addition, Robert uses his account number to transact with the bank for his fixed deposits and a different account ID for online banking. So, Robert has the following account IDs:

• User name: BNG02132457678
• Account ID for fixed deposits: 000203876544
• Account ID for online banking: rlaurie

An account type is an attribute that qualifies the account ID and provides additional context about the usage of the account ID. An account ID uniquely identifies a user for the given account type.

For example, you can create an account type called FIXED_DEPOSITS for the 000203876544 account ID, and another account type called ONLINE_BANKING for the account ID rlaurie.

Now, Robert can log in to the system and can be identified by using any of the following:

• BNG02132457678
• FIXED_DEPOSITS/000203876544
• ONLINE_BANKING/rlaurie

You must first create an account type in CA Advanced Authentication before you can create account IDs. You can configure the account type to be available to specific organizations only or to all organizations, including those that will be created in the future. At the organization level, each organization can choose to support a set of account types.

Note: No two users in a given organization can have the same account ID for an account type. At any given point of time, the following combinations are unique:
– Organization name, account type, and account ID
– Organization name, user name

Creating a New Account Type

To create a new account type:

1. Ensure that you are logged in as the MA.
2. Activate the Services and Server Configurations tab.
3. Click the CA Advanced Authentication option on the submenu of the tab.
4. Under the UDS Configuration section on the side-bar menu, click the Configure Account Type link to display the page.
5. (If this is the first account type you are adding) In the Add New Account Type section:
   1. Enter the Name of the account type.
   2. Enter a Display Name for the account type.
   3. If required, expand the Custom Attributes section by clicking the + sign and specify the Name and Value of any custom attributes that you want to add for this account type.
6. In the Assign to Organizations section:
   • Select Apply to all Organizations if you want to use this account type for all existing organizations and any organizations that might be created in future.

     Note: Such accounts appear under Global Accounts on the Configure Account Type page at the organization level.

     or

   • Select the organization to which you want to assign the account type from the Available list and move it to the Selected list.

     Note: The accounts assigned to specific organizations appear under Organization-Specific Accounts on the Configure Account Type page at the organization level.

     Click the > or < buttons to move selected organizations to the desired list. You can also click the >> or << buttons to move all organizations to the desired lists.

7. Click Create to create the account type.
8. Refresh all deployed CA Risk Authentication Server instances.

   See "Refreshing the Cache" for instructions on how to do this.

Updating an Account Type

To update an existing account type:

1. Select the account type from the Select Account Type drop-down list.
2. Modify the required fields, and click Update.

   Note: Once you have created an account type, you cannot change the Name of the account type.

3. Refresh all deployed CA Risk Authentication Server instances.

   See "Refreshing the Cache" for instructions on how to do this.

Deleting an Account Type

To delete an existing account type:

1. Select the account type from the Select Account Type drop-down list.
2. Click Delete.

   Important! You cannot delete an account type if you have created user accounts for that type.

3. Refresh all deployed CA Risk Authentication Server instances.

   See "Refreshing the Cache" for instructions on how to do this.

Configuring Email and Telephone Type

CA Risk Authentication allows you to specify multiple email addresses and telephone numbers while creating users and administrators. The MA can configure multiple email and telephone types at the global level, which automatically become available to all organizations. The MA can also specify certain email and telephone types as mandatory and others as optional. When you create users and administrators in an organization, you will be prompted to enter values for the email and telephone types that the MA has configured. You can choose to override the global configuration by configuring different email and telephone types while creating organizations.

Note: Email and telephone type attributes configured at the organization level take precedence over the values configured at the global level.

Email and Telephone Type Example

Assume that the MA has configured the following email and telephone types that all organizations must use:

• (Mandatory) Email type: Work Email
• (Optional) Email type: Personal Email
• (Mandatory) Telephone type: Work Phone
• (Optional) Telephone type: Home Phone

Now, when a GA creates an administrator for an organization Org1 that uses the global configuration, the GA must provide values for Work Email and Work Phone. The GA can add additional email and telephone types, if required, but cannot delete the global configurations for email and telephone types.

To configure the email and telephone type attributes:

1. Ensure that you are logged in as the MA.
2. Activate the Services and Server Configurations tab.
3. Click the CA Advanced Authentication option on the submenu of the tab.
4. Under the UDS Configuration section on the side-bar menu, click the Email/Telephone Type Configuration link to display the page.
5. In the Configure Email Type section, specify:
   • Priority of the Email Type if more than one Email Type has been configured. Use the up and down icons to change the priority. Priority defines the order in which Email Types are displayed on the screen when multiple Email Types have been configured.
   • Type of email that you want to configure, for example, work or personal.
   • Display Name of the Email Type.
   • Whether the Email Type is Mandatory.

   For example, you can configure work email with a higher priority than your personal email so that work email gets displayed first.

6. In the Configure Telephone Type section, specify:
   • Priority of the Telephone Type if more than one Telephone Type has been configured. Use the up and down icons to change the priority. Priority defines the order in which Telephone Types are displayed on the screen when multiple Telephone Types have been configured.
   • Type of phone number that you want to configure, for example, home or work.
   • Display Name of the Telephone Type.
   • Whether the Telephone Type is Mandatory.

   Note: You can add multiple Email and Telephone types by clicking the + icon.

7. Click Save to save your changes.
8. Refresh all deployed CA Risk Authentication Server instances.

   See "Refreshing the Cache" for instructions on how to do this.