Symantec Access Management

  • 1.  Any API to clear users QnA from CA Strong Authentication?

    Posted Aug 16, 2018 02:35 PM

    I have a use case when a user forgets the answers and does not have access to internal enroll app, the user calls Help Desk to delete questions. The next time the user tries to log in to an app, he will be asked to re-enroll.

     

    Thanks,

    Vlad



  • 2.  Re: Any API to clear users QnA from CA Strong Authentication?

    Broadcom Employee
    Posted Aug 16, 2018 05:51 PM

    Hi Vlad, if I understand correctly, you want the user to be able to click some button on the application and reset their QnA credentials instead of calling in. If my understanding of your requirement is correct, you can delete a user's QnA credential using a SOAP call, and the user will then be taken to the registration path if your application has the CreateCredential flow. OOTB AA has WSDL files that you can use to create a SOAP call to delete any credentials, including QnA. The WSDL file is in arcot_home/wsdl/



  • 3.  Re: Any API to clear users QnA from CA Strong Authentication?

    Broadcom Employee
    Posted Aug 16, 2018 06:57 PM

    You can delete any credential, including QnA, using the OOTB admin console.

    Log in to the Admin console as an admin who can manage user credentials, such as an admin with the global admin role, then search for the respective user, click on the tab to manage user credentials, and then any registered credentials.

     

    Update User Credential Information - CA Advanced Authentication - 9.0 - CA Technologies Documentation 

     



  • 4.  Re: Any API to clear users QnA from CA Strong Authentication?

    Posted Aug 17, 2018 12:11 PM

    I tried it before and it doesn't work how you would expect. When you delete QnA credentials through Admin Console, it is not really deleted; its status is changed to deleted in DB. Next time the user tries to log in to an app, AFM throws an error:

    Your security questions credential is in inactive state. Please contact customer care for support.

    AFM doesn't try to enroll you again.



  • 5.  Re: Any API to clear users QnA from CA Strong Authentication?
    Best Answer

    Broadcom Employee
    Posted Aug 17, 2018 12:19 PM

    AA SDK API or SOAP calls will also result in the same behavior, i.e. they will also change the credential status to "deleted/inactive".

    You need to either update OOTB AFM code to read the credential status and allow registration if it is in inactive state, or clean up the DB for these credentials.



  • 6.  Re: Any API to clear users QnA from CA Strong Authentication?

    Posted Aug 17, 2018 12:23 PM

    Yes. I tested it. The same effect. I hoped there would be no need to change AFM.



  • 7.  Re: Any API to clear users QnA from CA Strong Authentication?

    Broadcom Employee
    Posted Aug 24, 2018 03:36 PM

    Vlad,

     

    This needs to be customized at AFM to check the QnA credential status. If the credential is in Delete status, you should redirect the user for re-enrollment.

     

    Thanks,

    Kiran N