Setting dual authorization for the security administration service

You can enable or disable dual authorization for each OU for security administration. FTM SWIFT delivers the predefined CT DniSecAdm, which has one attribute. The attribute is DniFlagDoubleAuthSecAdm and initially has the value 'Yes'. Therefore, dual authorization is enabled for all OUs, including SYSOU.

When you issue the commands to enable or disable dual authorization, ensure that you are using the System Configuration service (DNI_SYSADM) and the system OU, SYSOU.

To disable dual authorization for SYSOU, enter:

add -ou SYSOU -ct DniSecAdm -co DniSecAdm -attr DniFlagDoubleAuthSecAdm -val No

You can decide with which OUs you want to use dual authorization. For example, initially you decide not to use dual authorization with the OU BANKA. If later you decide to enable dual authorization for BANKA, enter:

add -ou BANKA -ct DniSecAdm -co DniSecAdm -attr DniFlagDoubleAuthSecAdm -val Yes

To activate the changes, commit, approve, and deploy the OU. For more information about activating changes, see Activating configuration entities.

Changes in dual authorization in OUs other than SYSOU, do not affect role administration. Only changes in the dual authorization in SYSOU affect both role and user administration.

Note: If you specify any value other than No for the attribute DniFlagDoubleAuthSecAdm, FTM SWIFT assumes the value to be Yes, and activates dual authorization.