Integration Guide › Integrating with CA AuthMinder › CA AuthMinder Integration

CA AuthMinder Integration

CA ControlMinder integrates with CA AuthMinder to provide a strong authentication option for privileged and other native users of the operating system.

The CA ControlMinder system administrator restricts interactive sessions coming from a terminal by adding users to a group. To get write permission to files, users in this group must authenticate themselves using CA ArcotID OTP (one-time passwords).

After authentication, CA ControlMinder does not apply the rules created for the native user (“root”), but it applies rules to users according to their internal identities. CA ControlMinder differentiates non-restricted, restricted, and promoted users, and applies specific rules to them.

• When a user name from the interactive_restricted group logs in interactively, CA ControlMinder identifies him as "restricted_name".

  Examples:

  • When root logs in interactively, CA ControlMinder applies the rules for the user "restricted_root" (if specified) or otherwise "_default" restricted rules.
  • When root logs in non-interactively, CA ControlMinder applies the rules for the root user.
• When a user from the interactive_restricted group promotes himself with an enterprise name, CA ControlMinder identifies him as "name2".

  Example:

  • When root promotes as "name2", CA ControlMinder applies the rules for the user "name2".