Configure Terminal Integration

Terminal integration lets you integrate your CA ControlMinder endpoints with SAM to track the activities of users who check out privileged accounts. Terminal integration also lets you specify that a user must use automatic login to log in to a CA ControlMinder endpoint with the privileged account.

Before you configure terminal integration, verify the following:

The following procedure explains how to configure terminal integration for a single privileged account. You can use a policy to configure terminal integration for privileged accounts with the same name on multiple endpoints.

Follow these steps:

  1. In CA ControlMinder Endpoint Management, click the Users tab, then the Users subtab, and search for the privileged account for which you want to configure terminal integration.

    Note: For more information about how to manage users in CA ControlMinder Endpoint Management, see the Online Help.

  2. Select the privileged account.

    The General tab of the Modify User task page appears.

  3. Select one or both of the following options in the Account section:

    Use original identity

    Specifies that CA ControlMinder uses the name of the user who checked out the privileged account, not the privileged account user name, when it writes audit records and makes authorization decisions.

    Requires an account checkout prior to login

    Specifies that a user must use automatic login to log in to the endpoint with this privileged account. Automatic login lets a user check out a password and automatically log in to an endpoint from CA ControlMinder Enterprise Management.

  4. Click Save.

    You have enabled and configured terminal integration for the privileged account.

Example: A Policy That Configures Terminal Integration

The following policy configures terminal integration for an account named administrator. The policy specifies that CA ControlMinder uses the original user name when it writes audit records and makes authorization decisions, and that users must use automatic login to log in to the endpoint as administrator:

editusr administrator pupm_flags(use_original_identity)
editusr administrator pupm_flags(required_checkout)

More information:

Terminal Integration

How Terminal Integration Works

Implementation Considerations for Terminal Integration