

How to Configure Federation System Administrators

Several administrators in your company can be responsible for different aspects of federation management. Assign the administration of CA SiteMinder® Federation Standalone to multiple people in your organization to establish accountability and separation of responsibilities.

A default administrator account is always available to manage CA SiteMinder® Federation Standalone. After you add new administrators, you can optionally disable the default administrator account.

Create and maintain new administrative users through the Administrative UI.

The following graphic shows the configuration tasks for configuring administrators:

[Figure: Flow diagram of tasks to configure multiple administrators]

Complete these tasks:

  1. Connect to external user directories.
  2. Select users as administrators.
  3. Change the default administrator password (optional).

Connect to External User Stores

Create the connections to LDAP and ODBC external user stores. This step is required before you configure multiple administrators.

LDAP and ODBC are the two types of directories that the federation system supports.

Follow these steps:

  1. Click the User Directory tab.
  2. Click Connect to LDAP or ODBC.

    You can select Action, Modify to verify the configuration of an existing directory connection.

  3. Configure any required settings in each section. Red dots mark the required parameters.

    Note: Click Help for a description of fields, controls, and their respective requirements.

  4. Enter a value for the Universal ID Attribute (LDAP) or Universal ID Column (ODBC). This value is required to configure multiple administrators.

    The universal ID value must be unique to identify individual users in a directory. For example, enter uid as a universal ID for an LDAP directory because each user has a uid. Do not use an attribute such as a job title because many users have the same title.

  5. For LDAP directories only, specify values for the Start and End User DN Lookup fields. For example:
    Start User DN Lookup

    (uid=

    End User DN Lookup

    )

  6. Click Test Connection to verify that the connection is valid.

    You can click View Contents to list the contents of the user directory.

    Note:

  7. Click Save.

    If your settings are valid, you are redirected to the View User Directories dialog.

    The connection to the directory is configured.
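
The uniqueness requirement in step 4 can be checked against a directory export before you save the connection. The following Python is an added example, not part of the CA documentation or product: it audits candidate Universal ID attributes in an LDIF export for duplicate, missing, or multi-valued entries. The sample LDIF, its DNs, and the function names parse_ldif and audit_universal_id are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample export (not real directory data).
SAMPLE_LDIF = """\
dn: uid=jsmith,ou=people,dc=example,dc=com
uid: jsmith
title: Federation Admin

dn: uid=mlee,ou=people,dc=example,dc=com
uid: mlee
title: Federation Admin
mail: MLee@example.com

dn: uid=svc-backup,ou=people,dc=example,dc=com
uid: svc-backup
mail: mlee@example.com
"""


def parse_ldif(text):
    """Yield entries from simple (unfolded, non-base64) LDIF as attr -> values."""
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if ": " in line and not line.startswith("#"):
                name, value = line.split(": ", 1)
                entry[name.lower()].append(value.strip())
        if "dn" in entry:
            yield entry


def audit_universal_id(entries, attr):
    """Report whether attr yields exactly one distinct value per user."""
    seen, missing, multi = defaultdict(list), [], []
    for entry in entries:
        dn, values = entry["dn"][0], entry.get(attr.lower(), [])
        if not values:
            missing.append(dn)  # this user has no ID value at all
        elif len(values) > 1:
            multi.append(dn)  # ambiguous: several candidate IDs
        for value in values:
            seen[value.lower()].append(dn)  # most LDAP strings match case-insensitively
    dupes = {v: dns for v, dns in seen.items() if len(dns) > 1}
    return {"usable": not (dupes or missing or multi),
            "duplicates": dupes, "missing": missing, "multi_valued": multi}


for candidate in ("uid", "title", "mail"):
    print(candidate, audit_universal_id(parse_ldif(SAMPLE_LDIF), candidate))
```

For the sample, only uid comes back usable: title is shared by two users and absent for one account, and mail collides once case is ignored.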

Select Users as Administrators

After you establish connections to external user stores, select users to serve as administrators.

Follow these steps:

  1. Log on to the Administrative UI.
  2. Navigate to Infrastructure, Administrators.
  3. Select Configure Administrative Authentication.
  4. To complete these tasks, follow the configuration wizard:
  5. Log out of the Administrative UI and wait several minutes for the changes to take effect.
  6. Log back in to the Administrative UI with the credentials of a new administrator.
  7. Return to the Administrators page to verify that the list of administrators is displayed.
  8. (Optional) From the Action menu, modify or view an entry.

    You can change the privileges of the administrator and can enable/disable the administrator.

Multiple administrators are now available to divide federation management tasks.

Change the Default Administrator Password (Optional)

For security reasons, change the password that gives the default administrator access to the Administrative UI. This task is optional.

Two methods are available to change the administrator password: