CA IdentityMinder Administration Guide › CA IdentityMinder Mobile App › How to Configure CA IdentityMinder to Support the Mobile App › Create a Web Services Configuration

Create a Web Services Configuration

The mobile app uses REST web services to communicate with CA IdentityMinder. To support the mobile app, a system administrator creates a web service definition in the User Console.

Note: REST calls do not work if encryption in the web service configuration is enabled.

Follow these steps:

1. Log in to the User Console as a user with system administrator privileges.
2. Create a web service definition as follows:
   1. Navigate to System, WebServices, Create Web Services Configuration.
   2. On the Profile tab, complete the following fields:
      • Name: any name. For example: RestMobile
      • Identifier: unique identifier. The default value is RestMobile.

        The value of the Identifier field must match the value of restid in the mobile app configuration.

        Consider changing the value of the Identifier and the restid for increased security.

      • Enable Attribute: Select this check box.
   3. On the Security tab, complete the following:
      • Determine if you need to select the "Require Secure Communication" option:

   Note: Consider encrypting all mobile application http traffic. There are, typically, two ways to configure this traffic:

   • Using a Proxy Server: In this use case, the CA IdentityMinder server will be behind a firewall. You may decide not to secure the communication from the Proxy Server to the CA IdentityMinder server. However, you should ensure the http communication between the mobile application and the proxy server is secure. For this use case, do not select this option.
   • Directly to the CA IdentityMinder server: In this use case, the mobile client communicates directly to the CA IdentityMinder server; this http communication should be encrypted. To enforce that requirement, select this option.
   • Verify that Enable Encryption is not selected.

   Note: If encryption is enabled, user details do not display in the mobile app.

   1. On the Object Types tab, browse to USER, select USER, and click the Edit button.
   2. Select only Allow View Access.

      Remove other access permissions by clearing the Allow Modify Access, Allow Create Access and Allow Delete Access options.

   3. On the Self Administration tab, complete the following steps:
      • Select the Add button below Member Rule to create a member role and specify "all".

        Note: You can only create one member rule.

      • Enable Password Reset to support the Change Password feature in the mobile app.
   4. On the Member tab, build a member rule with the following criteria:
      • Activation Code = Registered, or
      • Activation Code >0
   5. Submit and Save the web service.

Configuring Additional Properties

On the Additional Properties tab, you can optionally specify additional property key-value pairs to support new functionality in the mobile app.

Use the following format:

• demoMode="Disable/Enable"
• multiAccount="Disable/Enable"
• managerTraversal="Disable/Enable"

Note: CA Technologies will provide instructions when administrators need to add additional properties.

However, these three features are enabled by default with mobile configurations:

• DemoMode: Allows you view a demonstration-version of the mobile app. This option is available in the Settings section of mobile app.
• MultiAccount: Allows you to add multiple accounts, specifically by adding multiple registered mobile users with their activation codes.
• ManagerTraversal: Displays the manager details of the approver and requester in the work item details.

You have to add the following Key-Value Pair in the Additional Properties tab on the CA IdentityMinder mobile configuration to disable those features in the mobile client.

• To enable or disable the Demo Mode feature

  Set DemoMode to equal Enable or Disable

  • demoMode="Disable/Enable"
• To enable or disable the multi-account feature

  Set MultiAccount to equal Enable or Disable

  • multiAccount="Disable/Enable"
• To enable or disable the Manager Traversal feature

  Set ManagerTraversal to equal Enable or Disable

  • managerTraversal="Disable/Enable"

Follow these steps:

1. Log into the CA IdentityMinder User Console as an administrator (superuser).
2. Click Tasks, System, Mobile Configuration, Create Mobile Configuration.
3. On the Additional Properties tab, specify additional property key-value pairs to support new functionality in the mobile app.
   • demoMode="Disable/Enable"
   • multiAccount="Disable/Enable"
   • managerTraversal="Disable/Enable"