Previous Topic: Perform Post-Upgrade TasksNext Topic: How to Upgrade CA Risk Authentication for UNIX

CA Advanced Authentication Upgrade GuideCA Advanced Authentication UpgradingHow to Upgrade CA Risk Authentication on WindowsReplace Deprecated Rules with new Rules

Replace Deprecated Rules with new Rules

Four of the predefined rules have been deprecated in release 8.0. Alternative rules have been introduced for these deprecated rules. The following table lists the deprecated and new rules and rule mnemonics:

Deprecated Rule Name and Rule Mnemonic

New Rule Name and Rule Mnemonic

DeviceID Known (DEVICEIDCHECK)

Unknown DeviceID (UNKNOWNDEVICEID)

Device MFP Match (SIGMATCH)

Device MFP Not Match (MFPMISMATCH)

User Associated with DeviceID (USERDEVICEASSOCIATED)

User Not Associated with DeviceID (USERDEVICENOTASSOCIATED)

User Known (USERKNOWN)

Unknown User (UNKNOWNUSER)

Important! Although these rules have been deprecated, they are still available and you can use after the upgrade. We recommend that you replace each deprecated rule with the corresponding new rule by making the required changes in the rule expression.

For any of the four deprecated rules, if the rule evaluates to No, then the rule is considered to have matched. It is then used for scoring. In contrast, each of the other predefined rules is considered to have matched when they evaluate to Yes.

In each of the four new rules that is introduced in release 8.0, if the rule evaluates to Yes, then the rule is considered to have matched. In this way, the four new rules are consistent with the other predefined rules.

The following table lists examples that highlight the difference between the deprecated rules and new rules:

Sample Use Case

Deprecated Rule

Deprecated Rule Result

New Rule

New Rule Result

User does not exist in the CA Risk Authentication database.

USERKNOWN

No

UNKNOWNUSER

Yes

DeviceID does not exist in the CA Risk Authentication database.

DEVICEIDCHECK

No

UNKNOWNDEVICEID

Yes

MFP does not exist in the CA Risk Authentication database.

SIGMATCH

No

MFPMISMATCH

Yes

User is not associated with the DeviceID.

USERDEVICEASSOCIATED

No

USERDEVICENOTASSOCIATED

Yes

Follow these steps:

  1. Log in to the CA Advanced Authentication.
  2. In the Rule Configurations Report for all organizations and rulesets, verify whether any of the mnemonics listed in the Rule expression column belongs to the list of deprecated mnemonics.
  3. If a rule uses a deprecated mnemonic and if you do not want to use the deprecated mnemonic, use the corresponding new mnemonic.

    To modify a rule expression:

    1. Log in to the CA Advanced Authentication as the GA or OA.
    2. If you have logged in as the GA and you want to perform this procedure for a system ruleset, click the Services, Server Configurations.
    3. If you have logged in as the GA or OA to perform this procedure for a single organization, then do the following steps:
      • Activate the Organizations tab.
      • Go to Manage Organizations, and click Search Organization link.
      • Click the Search button on the Search Organization page.
      • Click the name of the organization.
      • Click the Configuration tab.
    4. Navigate to the side-bar menu, Rules Management.
    5. Click the Rules and Scoring Management link.
    6. From the Select a Ruleset list, select the ruleset.
    7. Click the rule that you want to modify.
    8. Make the required changes in the Rule that is developed on text field.
    9. Save the changes and close the Rule Builder page.
  4. Migrate the modified rule to the production environment, and then refresh the cache.

    Note: For detailed information about migrating a rule to the production environment and refreshing the cache, see the CA CA Risk Authentication Administration Guide.