

Configure Required Attributes

The CA IdentityMinder user store must include the following well-known attributes to enable user registration and access through the mobile app:

You map these well-known attributes to available user store attributes in the directory configuration file (directory.xml). If there are no available attributes, extend the user store schema. For more information about extending the schema, see the documentation for your user store.

Include the following data classifications in the attribute descriptions:

<DataClassification name="sensitive"/>

Replaces the reset code value with wildcard characters in task screens, audit records, and system logs.

Important! Do not include the sensitive data classification in the %ACTCODE% attribute definition. If you include the sensitive attribute, the mobile app does not work correctly.

<DataClassification name="AttributeLevelEncrypt"/>

Encrypts and decrypts the reset code value as it is written and read from the user store using the defined encryption key.

<DataClassification name="ignore_on_copy"/>

Causes CA IdentityMinder to ignore an attribute when an administrator creates a copy of an object in the User Console.

Follow these steps:

  1. Log in to the Management Console.
  2. Select Directories, then click the directory that contains mobile users.
  3. Export the directory.
  4. Add or modify an attribute description to include the %ACTCODE% well-known attribute.

    You can map any available attribute to the %ACTCODE% well-known attribute.

    <ImsManagedObjectAttr
    physicalname="attr1"
    displayname="ActivationCode"
    description="Activation Code"
    valuetype="String"
    required="false"
    multivalued="false"
    wellknown="%ACTCODE%"
    maxlength="0" 
    hidden="true"
    system="true">
    
    <DataClassification name="ignore_on_copy"/>
    <DataClassification name="AttributeLevelEncrypt"/>
    </ImsManagedObjectAttr>
    
  5. Repeat step 4 to define the %ACTCODEVAL% well-known attribute. Include the following data classifications:
    <DataClassification name="sensitive"/>
    <DataClassification name="ignore_on_copy"/>
    <DataClassification name="AttributeLevelEncrypt"/>
    
  6. Add an attribute description for the %PWRESETCODE% well-known attribute. Include the following data classifications:
    <DataClassification name="sensitive"/>
    <DataClassification name="ignore_on_copy"/>
    <DataClassification name="AttributeLevelEncrypt"/>
    

    The attribute definition resembles the following example:

    <ImsManagedObjectAttr
    physicalname="XXXX"
    description="Password Reset Code"
    displayname="Password Reset Code"
    valuetype="String"
    wellknown="%PWRESETCODE%"
    maxlength="0"
    hidden="true"
    system="true">
    
    <DataClassification name="ignore_on_copy"/>
    <DataClassification name="sensitive"/>
    <DataClassification name="AttributeLevelEncrypt"/>
    
    </ImsManagedObjectAttr>
    
  7. Save the directory.xml file.
  8. Load the saved directory.xml file by clicking Update in the Directory Properties page in the Management Console.
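
Before you load the file in step 8, you can check the edited directory.xml against the rules in steps 4 through 6. The following script is an added example, not part of the CA IdentityMinder product or its documentation. It assumes that attribute descriptions appear as ImsManagedObjectAttr elements with DataClassification children, as shown above, and that classification names must match exactly; the function name, the sample document, and the attr2 value are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ALL3 = {"sensitive", "ignore_on_copy", "AttributeLevelEncrypt"}
# wellknown -> (required, forbidden) classifications, per the steps on this page
RULES = {
    "%ACTCODE%": (ALL3 - {"sensitive"}, {"sensitive"}),
    "%ACTCODEVAL%": (ALL3, set()),
    "%PWRESETCODE%": (ALL3, set()),
}

# Constructed sample (not a real export); <root> is a placeholder wrapper.
SAMPLE = """<root>
 <ImsManagedObjectAttr physicalname="attr1" wellknown="%ACTCODE%">
  <DataClassification name="sensitive"/>
  <DataClassification name="ignore_on_copy"/>
  <DataClassification name=" AttributeLevelEncrypt"/>
 </ImsManagedObjectAttr>
 <ImsManagedObjectAttr physicalname="attr2" wellknown="%ACTCODEVAL%">
  <DataClassification name="sensitive"/>
  <DataClassification name="ignore_on_copy"/>
 </ImsManagedObjectAttr>
</root>"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop an XML namespace, if present

def check_directory_xml(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    findings, seen = [], set()
    for el in ET.fromstring(xml_text).iter():
        wk = el.get("wellknown")
        if _local(el.tag) != "ImsManagedObjectAttr" or wk not in RULES:
            continue
        seen.add(wk)
        required, forbidden = RULES[wk]
        names = [c.get("name", "") for c in el if _local(c.tag) == "DataClassification"]
        for n in names:
            if n != n.strip():  # assumption: names must match exactly
                findings.append(f"{wk}: classification name {n!r} has stray whitespace")
        present = {n.strip() for n in names}
        findings += [f"{wk}: missing classification {n}" for n in sorted(required - present)]
        findings += [f"{wk}: must not carry classification {n}" for n in sorted(forbidden & present)]
    findings += [f"{wk}: no attribute description found" for wk in sorted(set(RULES) - seen)]
    return findings

if __name__ == "__main__":
    print("\n".join(check_directory_xml(SAMPLE)) or "OK")
```

To check a real export, pass the contents of the saved directory.xml file to check_directory_xml in place of SAMPLE.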