Cannot login as an Admin when using a User from an LDAP Organization

Document ID : KB000100423
Last Modified Date : 06/06/2018
Issue:
Users sometimes assume that an LDAP user can be used directly as a CA Strong Authentication administrator. CA Strong Authentication requires that the user first be promoted to an Admin role and that the Admin be tied to saved Admin credentials. A user who has not been promoted to an Admin will always fail authentication when logging on to the Admin Console at a URL such as http://hostname:port/arcotadmin/arcotadminlogin.htm
Environment:
CA Strong Authentication Admin UI
Cause:
The Admin Console authenticates administrators against an Admin role and Admin credentials that are configured and saved in CA Strong Authentication, not against the LDAP user record alone. A user who exists only as an LDAP user, even in an LDAP organization, has no Admin role and no Admin credentials, so authentication at the Admin Console fails.
Resolution:
Any user that is associated with an LDAP organization and needs to manage organizations must be promoted from the User role to an Admin role. Here are the steps:

1. Log in as the MA (Master Administrator).
2. Navigate to the "Users and Administrators" tab.
3. On the "Search Users and Administrators" screen, enter the LDAP organization's "Display Name" in the "Organization" field and click "Search".
4. Click the user to promote.
5. On the "Basic User Information" screen, click "Edit".
6. On the "Update Administrator" screen, click "Update Administrator Details".
7. Set "Role" to the required role (for example "Global Administrator") and set the Admin Password.
8. Under "Manages", move the LDAP organization into "Selected Organizations".
9. Click "Save".
10. Refresh the cache: navigate to "Services and Server Configuration", then to "Administration Console", and click Refresh Cache.
11. Log out of the MA session and open the Admin Console at a URL such as http://hostname:port/arcotadmin/arcotadminlogin.htm
12. For "Organization Name", enter the LDAP organization in which the LDAP user (now promoted to an Admin role) exists.

Login now succeeds. In short, if an LDAP user or LDAP organization is used for Admin Console access, the user must exist in the LDAP organization and must also be promoted to an Admin role.
Additional Information:
None.