Policy Server Guides › Policy Server Configuration Guide › SiteMinder Administrators › How to Create an Administrator

How to Create an Administrator

CA SiteMinder® Administrator accounts can be configured with fine-grained privileges that determine the administrative capabilities available to that administrator.

CA SiteMinder® Administrators are assigned rights to one or more security categories that define their administrative authority in the Administrative UI, such as managing authentication schemes. By default an administrator has access to every CA SiteMinder® object related to an assigned security category.

1. Review the Administrator considerations
2. Create an Administrator account
3. Verify the privileges of the new Administrator account

Administrator Considerations

Before you configure an Administrator, review the following considerations:

• This process only applies if the Administrative UI is using an external store as the source of administrator identities. If you are using the policy store as the source of administrator identities, create a Legacy Administrator.
• The rights the Administrator requires to perform their job. Identifying these rights helps you delegate the appropriate security categories to the administrator.
• If the Administrators is responsible for application security policies.

Important! An Administrator can only create another Administrator with the same or lesser privileges. For example, if an Administrator has GUI and reports privileges, the Administrator can create another Administrator with GUI and reports privileges, but not with local API privileges. Similarly, an Administrator can only create another Administrator with the same or lesser scope (as defined by an assigned workspace).

Create the Administrator Account

Create an Administrator by creating an Administrator account.

Follow these steps:

1. Log in to the Administrative UI using the CA SiteMinder® superuser or other administrator account with appropriate privileges.
2. Click Administration, Administrator.
3. Click Administrators.

   The Administrators page appears.

4. Click Create Administrator.

   The Create Administrator page appears.

   Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

5. Click Lookup under General.

   The Select a User page appears.

6. Specify search criteria and click Search.

   Users matching the specified criteria appear.

7. Select the administrator you want and click Select.

   The full name of the user appears in the Name field. The URL to the user in the external store appears in the User Path field.

8. Do one of the following:
   • To delegate all rights, select Super User and click Submit.
   • To delegate fine-grained privileges, go to the next step.
9. Specify how the administrator is permitted to interact with the Policy Server in the Access Methods section. Select as many methods as required for the administrator to perform tasks.

   Example: If an administrator is going to use the XPSImport and XPSExport tools, select Import Allowed and Export Allowed.

10. Click Add in the Rights section.

    The Create Permission: Select Security Categories page appears.

11. Select the security categories you want the administrator to manage and click OK.

    Note: Security categories comprise one or more tasks that correspond to specific CA SiteMinder® objects. For more information, see the Administrative UI online help system.

    The Create Administrator page reappears; added security categories populate the Rights table.

12. Specify the permissions you want the administrator to have for each security category in the Rights table.

    Note: Only permissions applicable for security categories in the table are available. For more information about permissions, see the Administrative UI online help system.

13. Click Submit.

The Administrator is created.

More information:

Limit Administrator Account Scope Using Workspaces Overview

Administrator Accounts

Verify that the Administrator has the Correct Privileges

After creating an Administrator account, verify that it has the correct privileges.

Follow these steps:

1. Log in to the Administrative UI using the Administrator account.
2. Explore the Administrative UI to verify that only the security categories for which the account has rights are visible.

You have completed the required tasks to create an Administrator account.