

The CA Identity Manager Mobile Application Architecture

The CA Identity Manager Mobile Application architecture is designed to provide a set of CA Identity Manager capabilities for various mobile devices, such as smartphones and tablets. The capabilities selected for the Mobile Application are those that meet a critical business need and whose user interaction is appropriate for smaller devices.

The architecture is centered on a Configuration component specific to the Application and on RESTful Web Services that expose the CA Identity Manager server capabilities. The CA Identity Manager Server can manage a given environment's Mobile Application configuration and the configuration of the REST Web Services used by the application.

Note: The REST Web Services are particular to the CA Identity Manager Mobile Application, and are not intended to be public APIs, unlike the SOAP-based Task Execution Web Services (TEWS).

The REST Web Services can support multiple configurations per CA Identity Manager Environment (IME), where each configuration is typically associated with a particular REST client, such as the Mobile Application. The high-level architecture and the relationship between the Mobile Application Configuration and the Web Service Configuration are shown below.

[Figure: Mobile Application architecture]

The REST Web Services configuration requires a specific set of options to be selected for the Mobile Application to function. A Web Service configuration must be defined through the Web Service Configuration Task before the Mobile Application Configuration is created; the Mobile Application Configuration is also created through an Administrative Task.

Mobile Application Web Service Configuration Details

A REST Web Service configuration consists of the following elements:

The table below shows the Web Service configuration details and the setting required for the Mobile Application.

| Configuration Section | Item | Description | Mobile App Setting |
|---|---|---|---|
| Profile | name | The name of the configuration | Deployment choice |
| | identifier | The unique identifier that a given client must set in the "Configuration-Id" HTTP header of each CA Identity Manager Server request. | Deployment choice. The Mobile App Configuration Service returns the identifier that must be used in all subsequent REST requests. |
| | Enabled | Enables/disables the configuration | True |
| Security | Require Secure Communication | HTTPS required or not | Deployment choice. Value downloaded by Mobile App Configuration Service. |
| | Enable Encryption | Used to encrypt payload for non-SSL. Requires client-side crypto library, encryption key knowledge and explicit client-side encrypt/decrypt support | Not used. Leave unchecked. |
| | Configuration secret | The shared secret required as part of the REST client to server trust model. | Must be specified. Deployments should generate the secret when defining the configuration instance. |
| Object Types | Object type | The object types that are exposed as REST resources. | The User object type |
| | Methods and Attributes | The resource methods (CRUD) supported for a selected object type and the set of attributes allowed for those methods. | The User object type with View Access to the following attributes as represented in the deployment-specific User Schema: Business Phone, Department, Email, First Name, Last Name, Manager, Office, Title |
| Self-Administration | Member Rule | A rule indicating which users can perform self-administration. | Should match the Member rule on the Mobile App Configuration. Set of attributes for modification should be empty. |
| | Enable Password Reset | Enables users to reset their own password | Enable |
| | Attributes | The set of attributes users can manage by themselves | Empty list |
| Members | Members | Defines rules for which users are authorized to invoke the REST operations defined for this configuration | A member rule that matches the set of Mobile App Users |
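
The Mobile App settings in the table can be checked mechanically so that drift (extra object types, modify access, a missing secret) is caught at review time. The following Python check is an added example, not CA code: the dictionary keys, the sample values and the `audit_ws_config` function are hypothetical stand-ins for however a deployment records its Web Service configuration.

```python
# Added example. The dict keys are hypothetical names for the table's settings,
# not a CA Identity Manager export or API format.
VIEW_ATTRS = {"Business Phone", "Department", "Email", "First Name",
              "Last Name", "Manager", "Office", "Title"}

def audit_ws_config(cfg, mobile_member_rule):
    """Return deviations from the Mobile App settings listed in the table."""
    out = []
    if not cfg.get("identifier"):
        out.append("identifier: missing (sent as the Configuration-Id header)")
    if cfg.get("enabled") is not True:
        out.append("Enabled: must be True")
    if cfg.get("enable_encryption"):
        out.append("Enable Encryption: not used, leave unchecked")
    if not cfg.get("configuration_secret"):
        out.append("Configuration secret: must be specified")
    if not cfg.get("require_secure_communication"):
        # Deployment choice in the table; flagged because Enable Encryption stays unchecked.
        out.append("Require Secure Communication: off, https is not enforced")
    types = cfg.get("object_types", {})
    for name in sorted(set(types) - {"User"}):
        out.append(f"Object type {name}: table lists only User")
    user = types.get("User", {})
    for method in sorted(set(user) - {"view"}):
        out.append(f"User method {method}: table lists only View access")
    viewed = set(user.get("view", []))
    for attr in sorted(viewed ^ VIEW_ATTRS):
        out.append(f"User view attribute {attr}: {'extra' if attr in viewed else 'missing'}")
    sa = cfg.get("self_administration", {})
    if sa.get("member_rule") != mobile_member_rule:
        out.append("Self-Administration Member Rule: differs from Mobile App Configuration")
    if not sa.get("enable_password_reset"):
        out.append("Enable Password Reset: must be enabled")
    if sa.get("attributes"):
        out.append("Self-Administration Attributes: must be an empty list")
    if not cfg.get("members_rule"):
        out.append("Members: no member rule defined")
    return out

# Constructed sample data: one configuration matching the table, one that drifted.
GOOD = {"identifier": "mobile-app-1", "enabled": True, "enable_encryption": False,
        "configuration_secret": "<generated-secret>", "require_secure_communication": True,
        "object_types": {"User": {"view": sorted(VIEW_ATTRS)}},
        "self_administration": {"member_rule": "<mobile-users-rule>",
                                "enable_password_reset": True, "attributes": []},
        "members_rule": "<mobile-users-rule>"}
DRIFTED = {**GOOD, "require_secure_communication": False, "configuration_secret": "",
           "object_types": {"User": {"view": ["Email", "Salary"], "modify": ["Email"]}}}
for finding in audit_ws_config(DRIFTED, "<mobile-users-rule>"):
    print(finding)
```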