CA Advanced Authentication Integration
Privileged Access Manager integrates with CA Advanced Authentication to provide a strong authentication option for privileged and other native users of the operating system.

The Privileged Access Manager system administrator restricts interactive sessions coming from a terminal by adding users to a group. To get write permission to files, users in this group must authenticate themselves using CA ArcotID OTP (one-time passwords).

After authentication, Privileged Access Manager does not apply the rules created for the native user (root), but it applies rules to users according to their internal identities. Privileged Access Manager differentiates non-restricted, restricted, and promoted users, and applies specific rules to them.

- When a user name from the interactive_restricted group logs in interactively, Privileged Access Manager identifies him as "restricted_name".
  Examples:
  - When root logs in interactively, Privileged Access Manager applies the rules for the user "restricted_root" (if specified) or otherwise "_default" restricted rules.
  - When root logs in non-interactively, Privileged Access Manager applies the rules for the root user.
- When a user from the interactive_restricted group promotes himself with an enterprise name, Privileged Access Manager identifies him as "name2".
  Example:
  - When root promotes as "name2", Privileged Access Manager applies the rules for the user "name2".
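
The identity resolution described above can be modelled to check which rule set governs a given session. This is an added example, not CA's code or an API of the product. The Session type, rule_identity, audit, and the sample data are hypothetical names. It assumes that users outside the group keep their native rules and that promoted_as is set only after a successful OTP authentication.

```python
from dataclasses import dataclass
from typing import Optional

RESTRICTED_GROUP = "interactive_restricted"  # group name taken from the page

@dataclass(frozen=True)
class Session:
    native_user: str                    # OS account, e.g. "root"
    interactive: bool                   # True for a terminal login
    groups: frozenset = frozenset()     # group memberships of the account
    promoted_as: Optional[str] = None   # enterprise name (assumed set after OTP)

def rule_identity(s: Session, defined_rules: set) -> str:
    """Return the identity whose rules govern this session (model only)."""
    restricted = s.interactive and RESTRICTED_GROUP in s.groups
    if not restricted:
        # Non-interactive logins and non-members: native user's rules.
        return s.native_user
    if s.promoted_as:
        # Promoted user: rules of the enterprise identity.
        return s.promoted_as
    # Restricted user: restricted_<name> if such rules exist, else "_default".
    candidate = "restricted_" + s.native_user
    return candidate if candidate in defined_rules else "_default"

def audit(sessions, defined_rules):
    """Map each session to (native user, interactive?, governing identity)."""
    return [(s.native_user, s.interactive, rule_identity(s, defined_rules))
            for s in sessions]

# Constructed sample data for illustration.
G = frozenset({RESTRICTED_GROUP})
DEFINED = {"restricted_root", "name2", "root"}
SAMPLE = [
    Session("root", True, G),                       # interactive root
    Session("root", False, G),                      # e.g. a scheduled job
    Session("root", True, G, promoted_as="name2"),  # promoted after OTP
    Session("oracle", True, G),                     # no restricted_oracle rules
    Session("alice", True),                         # not in the group
]

if __name__ == "__main__":
    for row in audit(SAMPLE, DEFINED):
        print(row)
```

The "oracle" case shows why the "_default" restricted rules matter: any group member without dedicated restricted rules is governed by them.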