

Connector Specific Features

This section details your connector's specific management features, such as how to acquire and explore your endpoint. Also included are account, provisioning roles, account template, and group information specifically for your connector.

Acquire a CA Single Sign-On Server

You must acquire the CA Single Sign-On server before you can administer it with CA Identity Manager. When acquiring a CA Single Sign-On server, perform the following steps from the Endpoint Type task view:

  1. Register the server as an endpoint in CA Identity Manager.

    Use the PLS Endpoint property sheet to register a CA Single Sign-On server. During the registration process, CA Identity Manager identifies the CA Single Sign-On server you want to administer and gathers information about it.

    Note: Ping the node name from the Provisioning Server. If the ping is successful, then you know that CA Identity Manager will find the PLS node.

  2. Explore the objects that exist in the endpoint.

    After registering the server in CA Identity Manager, you can explore its contents. Use the Explore and Correlate Endpoint dialog. The Exploration process finds all accounts and groups in the SSO server. You can correlate the accounts with global users at this time or you can correlate them later.

  3. Correlate the explored accounts with global users.

    When you correlate accounts, CA Identity Manager creates or links the accounts on an endpoint with global users, as follows:

    1. CA Identity Manager attempts to match the account name with each existing global user name. If a match is found, CA Identity Manager associates the PLS account with the global user. If a match is not found, CA Identity Manager performs the next step.
    2. CA Identity Manager attempts to match the full name with each existing global user's full name. If a match is found, CA Identity Manager associates the PLS account with the global user. If a match is not found, CA Identity Manager performs the next step.
    3. If the Create Global Users as Needed button is checked, CA Identity Manager creates a new global user and then associates the PLS account with the global user. If the Create Global Users as Needed button is unchecked, CA Identity Manager performs the next step.
    4. CA Identity Manager associates the PLS account with the [default user] object.
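
The correlation order above, modeled as an added Python example (not CA Identity Manager code), so that links made by full name only or by fallback to [default user] can be listed for manual review, since a shared full name can attach an account to the wrong global user. Assumptions: the helper names are hypothetical, comparison is exact string equality, the first full-name match wins, and the sample accounts are constructed.

```python
DEFAULT_USER = "[default user]"

# Constructed sample data, not taken from a real endpoint.
GLOBAL_USERS = [{"name": "jsmith", "full_name": "John Smith"},
                {"name": "mlee", "full_name": "Mary Lee"}]
ACCOUNTS = [{"name": "jsmith", "full_name": "John Smith"},   # matches in step 1
            {"name": "smithj", "full_name": "John Smith"},   # matches in step 2 only
            {"name": "svc_backup", "full_name": ""}]         # no match: step 3 or 4


def correlate(accounts, global_users, create_as_needed=False):
    """Model of the four-step correlation order (hypothetical helper).

    Returns (links, created): links maps account name -> (global user, rule).
    Assumptions: exact string comparison, first full-name match wins, and a
    global user created in step 3 is visible to accounts processed later.
    """
    by_name = {u["name"]: u["name"] for u in global_users}
    by_full = {}
    for u in global_users:
        if u["full_name"]:
            by_full.setdefault(u["full_name"], u["name"])
    links, created = {}, []
    for acct in accounts:
        name, full = acct["name"], acct.get("full_name") or ""
        if name in by_name:                        # step 1: account name
            links[name] = (by_name[name], "account-name")
        elif full and full in by_full:             # step 2: full name
            links[name] = (by_full[full], "full-name")
        elif create_as_needed:                     # step 3: create global user
            by_name[name] = name
            if full:
                by_full.setdefault(full, name)
            created.append(name)
            links[name] = (name, "created")
        else:                                      # step 4: fall back
            links[name] = (DEFAULT_USER, "default")
    return links, created


def review_queue(links):
    """Accounts not linked by account name; these merit a manual check."""
    return sorted(a for a, (_, rule) in links.items() if rule != "account-name")


if __name__ == "__main__":
    links, created = correlate(ACCOUNTS, GLOBAL_USERS)
    for account in review_queue(links):
        print(account, "->", links[account])
```
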

Roles and Policies

In addition to defining privileges for users, you can also set login information for applications associated with account templates. Once this information is set, users have access to the applications if they provide the correct login information.

The PLS Default Policy, provided with the CA SSO Connector for Advanced Policy Server, gives a user the minimum security level needed to access an endpoint. You can use it as a model to create new account templates.

PLS Control Applications

You can view certain basic properties of an application on the PLS Application property sheet. You are not allowed to add, delete, or modify an application.

PLS Control Application Groups

You can view certain basic properties of an application group on the PLS Application Group property sheet. You are not allowed to add, delete, or modify an application group.

PLS Terminal

You can assign accounts and groups to access the current terminal objects. Use the PLS Terminal property sheet to set the profile, day/time restrictions, and account and group access to terminals.

PLS Authorization Hosts

You can assign accounts and groups to access the current authorization host objects. Use the PLS Authhost property sheet to set the profile, and account and group access to authorization hosts.