Previous Topic: Creating and Activating OrganizationsNext Topic: Creating Organizations in LDAP Repository

CA RiskMinder Administration GuideManaging OrganizationsCreating and Activating OrganizationsCreating Organizations in RiskMinder Repository

Creating Organizations in RiskMinder Repository

To create an organization in the RiskMinder repository:

  1. Ensure that you are logged in with the required privileges to create the organization.
  2. Activate the Organizations tab.
  3. Under the Manage Organizations section, click the Create Organization link to display the Create Organization page.
  4. Enter the details of the organization, as discussed in the following table.

Field

Description

Organization Information

Organization Name

Enter the unique ID for the organization that you want to create.

Note: You have to specify this value to log in to this organization, not the Display Name of the organization.

Display Name

Enter a unique descriptive name for the organization.

Note: This name appears on all other Administration Console pages and reports.

Description

Provide a description for the administrators who will manage this organization.

Note: You can provide additional details for later reference for the organization by using this field.

Administrator Authentication Mechanism

Select the mechanism that will be used to authenticate administrators who belong to this organization.

Administration Console supports the following types of authentication mechanisms:

  • Basic User Password
    This is the in-built authentication mechanism provided by Administration Console. If you select this option, then administrators can log in to the Console by specifying their user ID and password.
  • LDAP User Password
    This mechanism is applicable only for LDAP organizations. The authentication policy is defined in the LDAP directory service. If you select this option, then administrators must use the credentials stored in LDAP to log in to the Console.

WebFort User Password
This is the AuthMinder user name-password authentication method. If you select this option, then the administrator credentials are issued and authenticated by the AuthMinder Server.
To use this mechanism, you must have CA AuthMinder installed and configured. For more information, see the CA AuthMinder Installation and Deployment Guide.

Key Label Configuration

RiskMinder enables you to use hardware- or software-based encryption of your sensitive data. You can choose the encryption mode by using the arcotcommon.ini configuration file. For more information, see the topic titled "HSM Encryption Settings" in the CA RiskMinder Installation and Deployment Guide.

Irrespective of hardware or software encryption, AuthMinder and RiskMinder use Global Key Label for encrypting user and organization data.
If you are using hardware encryption, then this label serves only as a reference (or pointer) to the actual 3DES key stored in the HSM device. In this case, the key label that you specify must match the HSM key label. However, in the case of software-based encryption, this label acts as the key.

Use Global Key

This option is selected by default. Deselect this option if you want to override the Global Key Label you specified in the bootstrap process and specify a new key label that will be used for encrypting organization-specific data.

Key Label

If you deselected the Use Global Key option, then specify the new key label that you want to use for the organization.

Storage Type

This option indicates whether the encryption key is stored in the database (Software) or the HSM (Hardware).

Localization Configuration

 

Use Global Configuration

Select this option to use the localization parameters that are configured at the global level.

Date Time Format

If you deselected the Use Global Configuration option, then specify the Date Time format that you want to use for this organization.

Preferred Locale

If you deselected the Use Global Configuration option, then select a preferred locale for this organization.

User Data Location

Repository Type

Select Arcot Database. By specifying this option, the user and administrator details for the new organization will be stored in the RDBMS repository supported by RiskMinder.

Custom Attributes

Use this section to provide additional information specific to the organization you are creating.

Name

Name of the custom attribute.

Value

Value of the custom attribute.
  1. Click Next.
  2. The Select Attribute(s) for Encryption page appears.
  3. In the Attribute(s) for Encryption section, do one of the following:
    1. Select Use Global Configuration if you want to use the global settings for your attribute encryption set configuration.

      or

    2. Select the attributes that you want to encrypt from the Available Attributes for Encryption list and move them to the Attributes Selected for Encryption list.

      Click the > or < buttons to move selected attributes to the desired list. You can also click the >> or << buttons to move all attributes to the desired lists.

  4. Click Next.

    The Add Administrators page appears.

    Note: This page is not displayed, if all the administrators currently present in the system have the scope to manage all organizations.

  5. From the Available Administrators list, select the administrators who will manage the organization and click the > button to add the administrator to the Managing Administrators list.

    The Available Administrators list displays all the administrators who can manage the new organization.

    Note: If some administrators have scope to manage all organizations in the system, then you will not see the corresponding entries for those administrators in this list.

    The Managing Administrators list displays the administrators that you have selected to manage this organization.

  6. Click Next to proceed.

    The Configure Account Type page appears.

    Note: That:
    – This page is not displayed if you have not created any account types.
    – Global account types will be selected by default.

  7. In the Assign Account Types section, select account types from the Available list and click the > button to move them to the Selected list.
  8. Click Next to proceed.

    The Configure Account Custom Attributes page appears.

    Note: This page is not displayed if you did not select any account types on the previous page.

  9. Provide Custom Attributes for your Account Type, and click Next.

    The Configure Email/Telephone Type page appears.

  10. Specify the mandatory and optional email address and telephone numbers the user must provide.
  11. Click Skip to use the email and telephone types configured at the system level and move to the next page, or click Save to save your changes.

    The Activate Organization page appears.

  12. Click Enable to activate the new organization.
    A message box appears.
  13. Click OK to complete the process.

    Note: If you do not choose to activate the organization, the organization is created in Initial state. You can activate the organization later. For instructions to do so, see "Activating Organizations in Initial State".

  14. Refresh all deployed RiskMinder Server instances.

    See "Refreshing the Cache" for instructions on how to do this.

    Caution: If you have configured the attribute encryption set, account types, and email and telephone types while creating the organization, ensure that you refresh both the system configuration and the organization cache. If you do not refresh the organization-level cache, the system gets into an unrecoverable state.