CA Strong Authentication

This guide describes how to use the CA Strong Authentication connector to connect CA IAM CS to CA Strong Authentication (formerly CA Arcot WebFort).
imgc10-in-progress
This guide describes how to use the CA Strong Authentication connector to connect CA IAM CS to CA Strong Authentication (formerly CA Arcot WebFort).
This guide is for CA Identity Minder administrators.
 
Note:
 Some CA products still contain the terms Arcot and WebFort in their code objects and other artifacts. Therefore, you will find occurrences of Arcot and WebFort in this guide and in CA Strong Authentication documentation.
Downloads:
•    The CA Strong Authentication connector is bundled with CA Identity Manager 12.6 SP4 and higher.
Information and Instructions:
 
 
CA Strong Authentication
CA Strong Authentication is an authentication server that supports the following types of credentials:
  •  
    Activation Code
     -- Provisions a user with a single-use password for one-off authentication, such as activating the ArcotOTP account on a mobile device.
  •  
    ArcotID OTP
     (mobile authentication) -- Allows a user to generate a secure one time password with a mobile device.
  •  
    ArcotID PKI
     -- Generates a secure software token which the user can then download to their computer or phone. CA Strong Authentication then authenticates the user based on the user’s chosen PIN plus the ArcotID PKI token on the user’s device.
  •  
    QnA (question and answer)
     -- Allows a user to set up a list of security questions and answers. These questions and answers allow users to identify themselves when another form of authentication is unavailable (such as when a user has forgotten their password).
CA Strong Authentication also allows the consuming application to use paired multiple credentials together to create a stronger authentication solution.
Two Ways to Manage CA Strong Authentication
You can manage CA Strong Authentication in these ways:
  • Manage with CA Identity Manager, using CA IAM CS and the Arcot connector
  • Manage with CA Strong Authentication Flow Manager (AFM)
The following table compares these ways:
 
Tasks
 
 
CA Identity Manager
 
 
CA Strong Authentication Flow Manager 
 
Self-service for end-users
Provided in the User Console or the mobile application
Provided by your customization of the SAFM
Setup tasks, such as defining organizations and managing credential profiles
In the User Console
In the CA Strong Authentication Admin Console
Managing QnA lists
In the User Console
In the CA Strong Authentication Admin Console
Note: 
QnA credentials are not synchronized. Both are fully supported and should be thought of as separate credentials. Use one of the approaches in this table, but not both.