Previous Topic: Configure the GINANext Topic: Settings in the Registry

Administration GuidePassword ManagementReset Password or Unlock AccountConfigure the Credential Provider

Configure the Credential Provider

You can use a configuration tool to configure a system where you installed the Credential Provider.

To configure the Credential Provider

  1. In Windows Explorer, go to the directory where you installed the Credential Provider. For example:

    C:\Program Files\CA\Identity Manager\Credential Provider

  2. Double-click the following executable:

    CAIMCredProvConfig.exe

  3. Select the first credential provider as the default.

    The logon screen may not honor this setting if a second credential provider is in use, such as the Microsoft password credential provider. If both providers attempt to be the default provider, the logon screen chooses a default provider.

  4. Disable the default credential provider.
  5. Fill in the Credential Provider Settings fields as follows:
    Link1 URL

    The URL used when a user clicks on the Forgot Password link. This link should be a URL to a web interface for password resetting.

    The following is a sample link:

    http://eastern.local:8080/iam/im/environment/ca12/index.jsp?
task.tag=forgottenpassword&facesViewId=/app/page/screen/
fp_identify_user.jsp&action.forgottenpassword.identify=1&USER_ID=%username%

    For this URL, self registration must be working on the environment. Also, verify the Self Service URL for the CA IdentityMinder environment works from the system where you are installing the Credential Provider. Occurrences of %username% are replaced by the value in the username field on the Logon dialog.

    Link2 URL

    The URL used when a user clicks on the Unlock Account link. This link should be a URL to a web interface allowing a user to unlock an account. Occurrences of %username% are replaced by the value in the username field on the Logon dialog.

    Link3 URL

    The URL used when a user clicks on the New Account link. This link should be a URL to a web interface allowing a user to create an account. The %username% tag is not expected to be part of the URL

    The following is a sample link:

    C:\Program Files\CA\Identity Manager\Provisioning GINA\cube.exe
http://eastern.local:8080/iam/im/environment/ca12/index.jsp?
task.tag=selfregistration
    Use Custom Title

    A customized string replaces the “Powered by …” string that appears on the title bar, or in the Return dialog of the Credential Provider. The location of the string is based on the Section 508 Compliance setting.

    Domain

    The Provisioning domain name.

    Section 508 Compliance (Use Return in menu)

    Enables the Return function in a menu. If unchecked, the Return dialog is used.

    Disable All Dialogs

    Prevents the Secure Browser from spawning the new dialog windows, such as pop-ups, errors, and print or save dialogs. Disable All Dialogs is enabled to improve the system security, but can be disabled for troubleshooting purposes.

  6. Fill in the Secure Browser Settings fields as follows:
    Allow List

    A regular expression pattern matching URLs to which access should always be allowed.

    Deny List

    A regular expression pattern matching URLs to which access should always be denied.

  7. (Optional) Click Export to export your settings to another system.
  8. Click OK to save your settings.
  9. Restart the system.