Symantec Access Management

  • 1.  CA Adapter: SAML integration with LDAP,Risk Authentication

    Posted Aug 16, 2019 05:21 AM

    Hi,

    I've implemented CA Adapter with SAML integration with LDAP, Risk Authentication and would like to email CA Mobile OTP and email as notification mechanisms. However, the adapter is always emailing the OTP, and whenever I use the OTP from the CA Mobile OTP app it is not being accepted.

    I've attached screenshots of the adapter config.

     



    ------------------------------
    Senior Consultant
    CA
    ------------------------------


  • 2.  RE: CA Adapter: SAML integration with LDAP,Risk Authentication

    Broadcom Employee
    Posted Aug 19, 2019 10:05 AM
    When the risk engine performs secondary authentication, you should see a credential selector page with OTP/email or MobileOTP. The user would choose the credential to use for secondary authentication and the next page would have verbiage to enter OTP from email or OTP from the MobileOTP app.

    I recommend disabling the risk score based second factor config (second screenshot) if you don't see the selector page.



  • 3.  RE: CA Adapter: SAML integration with LDAP,Risk Authentication

    Posted Aug 20, 2019 06:51 AM

    Hi,

    Following your recommendation is not an option as the customer requires the risk based 2nd factor.

    I am still not getting the options page. I will open a case with support.


    Thanks for your input



    ------------------------------
    Senior Consultant
    CA
    ------------------------------



  • 4.  RE: CA Adapter: SAML integration with LDAP,Risk Authentication
    Best Answer

    Broadcom Employee
    Posted Aug 23, 2019 03:26 PM
    Did you get this working? The first time, you should definitely see the screen after enrollment is done, and going forward, if the risk score is low, you will not see the second factor screen. When you run the report for the user, do you see ALLOW or INCREASEAUTH for the user? If it is ALLOW, then the screen will not come up. Maybe try with a new user as well. If you still see the issue, open a support case.