Symantec IGA

CA Identity Suite 14.1 Virtual Appliance (vApp) + CA Single Sign-On 12.7

Requirement: Identity Portal authentication with AD user credentials  

Idea: Protecting CA Identity Portal with CA Single Sign-On as described in the documentation

Question/Doubt: If CA Identity Portal is integrated with CA-SSO, must CA Identity Manager also be integrated with CA-SSO?Please, consider we are taking about a vApp deployment.

Thanks and regards,

Gabriele

Hello Gabriele,

The documentation you listed:

Protecting CA Identity Portal with CA Single Sign-On - CA Identity Suite - 14.1 - CA Technologies Documentation 

Handles setup outside of CA Virtual Appliance and this will be doable without integrating CA Identity Manager. As for AD Authentication, CA Identity Portal would need to be integrated with CA Identity Manager or it can use Identity Governance if you prefer that. This reasoning is that Identity Portal needs a main connector to be able to login using user credentials. I have a post on setting up identity governance with AD authentication.

Ref:

AD Authentication with Identity Governance 

Regards,

Andrew Nguyen

Hi Andrew,

thanks for the clarification but I did not understand, for a vApp environment, if I want to integrate Identity Portal with CA-SSO to archive AD authentication, do I also have to integrate CA Identity Manager?

Or is it enough to integrate Identity Portal and configure TEWS in a particular way (which one?) to archive user impersonation for the WebService calls from Identity Portal to Identity Manager?

Hello Gabriele,

If you want to integrate CA SSO with Identity Portal, this would be possible for the Admin UI page but for the user page. This would depend on the main connector configured in Identity Portal which could either be Identity Manager or Identity Governance. Through those applications you would be able to set up SSO authentication using AD.

Regards,
Andrew Nguyen

Ciao Gabriele,

This is true for Identity Portal in general (whether on VApp or not), if you integrate Identity Portal with CA SSO you also need to integrate CA Identity Manager with CA SSO. TEWS will need to be configured for CA SSO authentication for all this to work.

KR
Russi

Ciao Russi,

thanks for you answer.

May you also clarify the impact of this sort of TEWS configuration on the default Bulk Load Client utility?

In other words, do I have to change the way the Bulk Load Client authenticate against CA Identity Manager and, in case, is it just a configuration task or a custom development is required?

Thanks and regards,

Gabriele

Hi Garbiele

Yes you also need to change Bulk Loader client configuration. I believe the following documentation links will help you:

Authenticating to the CA Identity Manager Server - CA Identity Management & Governance Connectors - CA Technologies Docu… 

and

CA Single-Sign-On Integration - CA Identity Suite - 14.1 - CA Technologies Documentation 

KR
Russi

Hi All,

Just to clarify, in order for Identity Portal/Identity Manager portal to use AD Authentication, we have to integrate with CA-SSO first ?

Hi William,

It depends on what you mean by AD authentication. AD authentication whereby user types his or her AD username and password to logon to Identity Portal does not require CA SSO integration. It also depends on which connector will be configured as your main connector. If you require integrated windows authentication or kerberos you will need to have CA SSO integration in place.

Hope this clarifies your doubts.

KR
Russi

Hi Russi,

Am referring "AD Authentication" where user types in AD username & password and logon Identity Portal.

Enable the Active Directory Authentication Module - CA Identity Manager - 14.1 - CA Technologies Documentation 

If I follow the steps above to Enable the AD Authentication module on CA IM and configure Identity Portal to use CA IM as the main connector.

Then Identity Portal should able to support AD Authentication correct ?

regards,

William