

ACF2 Connection Information

The ACF2 endpoint type lets you manage privileged ACF2 accounts.

When you create endpoints of this type, provide the following information so that the Enterprise Management Server can connect to the endpoint:

User Login

Defines the name of an administrative user of the endpoint. SAM uses this account to perform administrative tasks on the endpoint, for example, to connect to the endpoint, discover accounts, and change passwords.

Note the following points:

If you specify the Advanced option, SAM does not use the User Login account to perform administrative tasks. Instead, SAM uses the specified privileged account to perform administrative tasks on the endpoint.

Example: cn=user1,acf2admingrp=lids,host=ACF2,o=company,c=com

Password

Defines the password of the administrative user of the endpoint.

URL

Defines the URL that CA ControlMinder Enterprise Management can use to connect to the endpoint. The URL specifies a particular type of database server.

Note: Specify a user account that has administrative privileges on both its own account and other users' accounts.

Secure Connection between ACF2 and CA ControlMinder

We recommend that you secure the connection between ACF2 and CA ControlMinder over SSL. SSL encrypts the data in transit, which reduces security risks. To configure the Enterprise Management Server to communicate with the ACF2 endpoint over SSL, install the ACF2 certificate in the Enterprise Management Server.

Note: This procedure assumes that you have set up SSL on the ACF2 endpoint and acquired your ACF2 certificate.

Important! In environments that are configured for high availability, perform this procedure on all the Distribution and Connector Servers (Primary, Secondary, and Distribution servers).

Follow these steps:

  1. Click Windows Start Menu, Settings, Control Panel, Services.

    The Windows Services dialog appears.

  2. Stop the CA Identity Manager - Connector Server (Java) service.
  3. Copy the ACF2 certificate to the following location:
    CA_home\AccessControlDistributionServer\JCS\conf
    
    CA_home

    Specifies the directory where you have installed CA products.

  4. Open a command prompt window.
  5. Navigate to CA_home\AccessControlDistributionServer\JCS\conf
  6. Run the following command:
    keytool -importcert -trustcacerts -file your_ACF2_certificate -keystore ssl.keystore
    

    Note: When prompted for a password, enter the communication password.

    The ACF2 certificate is registered with JCS.

  7. Open the Windows Services dialog.
  8. Start the CA Identity Manager - Connector Server (Java) service.

You have successfully secured the connection between ACF2 and CA ControlMinder.
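
The steps above as a single PowerShell script, with two additions: the certificate's SHA-256 fingerprint is compared against a value obtained out of band before it is trusted, and the keystore is backed up before the import. This is an added example, not CA's own script; the install path, certificate file name, expected fingerprint and the alias acf2 are placeholders or assumptions, the certificate is assumed to be already copied to the conf directory (step 3), and keytool is assumed to be on the PATH.

```powershell
# Added example (not vendor code). Replace the three placeholders below.
# The alias 'acf2' is an arbitrary label chosen for this example.
$ErrorActionPreference = 'Stop'
$CaHome   = 'C:\CA_home'              # placeholder: directory where CA products are installed
$CertFile = 'your_ACF2_certificate'   # placeholder: file name of the ACF2 certificate
$Expected = 'REPLACE-WITH-SHA256-FINGERPRINT-FROM-ACF2-ADMIN'   # placeholder
$Service  = 'CA Identity Manager - Connector Server (Java)'
$Conf     = Join-Path $CaHome 'AccessControlDistributionServer\JCS\conf'
$Alias    = 'acf2'

# Normalise a fingerprint so "AB:CD", "ab-cd" and "ABCD" compare equal.
function Format-Fingerprint([string]$Value) {
    ($Value -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

# 1. Check the certificate before trusting it: compute the SHA-256 fingerprint
#    of the file and compare it with the value received out of band.
$certPath = Join-Path $Conf $CertFile
$cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certPath
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$actual = Format-Fingerprint ([BitConverter]::ToString($sha256.ComputeHash($cert.RawData)))
if ($actual -ne (Format-Fingerprint $Expected)) {
    throw "Fingerprint mismatch for $certPath (got $actual); certificate not imported."
}
"Subject: $($cert.Subject)  Expires: $($cert.NotAfter)"

# 2. Stop the connector server and keep a copy of the current keystore.
Stop-Service -DisplayName $Service
Set-Location $Conf
if (Test-Path ssl.keystore) {
    Copy-Item ssl.keystore ("ssl.keystore.{0:yyyyMMddHHmmss}.bak" -f (Get-Date))
}

# 3. Import under an explicit alias. keytool prompts for the communication
#    password, so it never appears on the command line or in this script.
& keytool -importcert -trustcacerts -alias $Alias -file $CertFile -keystore ssl.keystore
if ($LASTEXITCODE -ne 0) { throw "keytool import failed; service left stopped." }

# 4. Confirm the entry is in the keystore, then restart the service.
& keytool -list -alias $Alias -keystore ssl.keystore
if ($LASTEXITCODE -ne 0) { throw "Alias '$Alias' not found in ssl.keystore." }
Start-Service -DisplayName $Service
```

In a high-availability environment, run it on each Distribution and Connector Server, as the procedure requires.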