CA Advanced Authentication Integration

Privileged Access Manager integrates with CA Advanced Authentication to provide a strong authentication option for privileged and other native users of the operating system.
The Privileged Access Manager system administrator restricts interactive sessions coming from a terminal by adding users to a group. To get write permission to files, users in this group must authenticate themselves using CA ArcotID OTP (one-time passwords).
After authentication, Privileged Access Manager does not apply the rules created for the native user (root), but it applies rules to users according to their internal identities. Privileged Access Manager differentiates non-restricted, restricted, and promoted users, and applies specific rules to them.
  • When a user name from the interactive_restricted group logs in interactively, Privileged Access Manager identifies him as "restricted_name".
    Examples:
    • When root logs in interactively, Privileged Access Manager applies the rules for the user "restricted_root" (if specified) or otherwise "_default" restricted rules.
    • When root logs in non-interactively, Privileged Access Manager applies the rules for the root user.
  • When a user from the interactive_restricted group promotes himself with an enterprise name, Privileged Access Manager identifies him as "name2".
    Example:
    • When root promotes as "name2", Privileged Access Manager applies the rules for the user "name2".