Tech Tip: CA Identity Manager - How to mandate users to set up security questions

Discussion created by Sagi_Gabay Employee on Jul 16, 2015
Latest reply on Aug 30, 2016 by krishna.casso

Some customers need to enforce their users have their security questions set up. How can you make sure this be done?


Well, without SiteMinder in the mix , it will be quite difficult for Identity Manager on its own to enforce that. Even if you make the Questions and Answers fields mandatory on the task that sets them up (i.e: Modify My Profile , for example) then you still need to direct the user to that page until they are provided. Identity Manager has no real way to make this redirection.


But, SiteMinder does.


Here is how:

1. Have your Identity Manager integrated with SiteMinder.

2. Designate a certain attribute in your corporate store that will flag these users that do or don't have the questions and answers set up. You need to know which users to redirect and which are already set up and do not need this redirect.

3. Since SiteMinder protects the logins to Identity Manager and authenticates the users then you can build a SiteMinder active response object that acts upon users successful authentication. In your response you can query the designated attribute and call the direct IDM task page if the user needs the redirect. If the user does not need the redirect then simply don't do anything and the login process will resume normally. The redirect itself would be something like: http://<>/iam/im/<MyIME_Alias>/ui7/index.jsp?task.tag=<TaskTagOfSettingQuestions>




Sagi Gabay

CA Technologies