Create 2FA admin account for CAMIS

The following sections explain:

1. Adding a 2FA admin account to an existing CAMIS Profile.

2. Checking what 2FA Admin profiles exist already.

3. Troubleshooting your existing CAMIS profile.

To add 2FA Admin to an existing profile.

Use the connection corresponding to development, acceptance or production as follows:

1. Get next value from sequence: SELECT AC040_STAKEHOLDER_ID_SEQ.nextval FROM dual;
   **This will be used as the STAKEHOLDER_ID

2. Create a record in the TWOFA.AC040_STAKEHOLDER table
   **Note: GLOBAL_USERID_LBL is just a random string of 12 alphanumeric characters. You can use sites like https://privacycanada.net/strong-password-generator/ to generate the string
   
   

   INSERT INTO TWOFA.AC040_STAKEHOLDER (STAKEHOLDER_ID, STAKEHOLDER_TYPE_CD, NAME_FIRST_NM, NAME_LAST_NM, STAKEHOLDER_CREATED_ID, GLOBAL_USERID_LBL, USER_LAST_UPDATE_ID) VALUES (:stakeholder_id, 1, 'First Name', 'Last Name', 1, :12_chars_alphanumeric, 1);

3. Create a record in TWOFA.AC043_INTERNAL_STAKEHOLDER

   INSERT INTO TWOFA.AC043_INTERNAL_STAKEHOLDER VALUES (:stakeholder_id, 1, :12_chars_alphanumeric, 1, :tc_user_id, SYSDATE, NULL, SYSDATE, 1);

4. Connect the CAMIS environment, using CAMIS_DATA_ADMIN, to the corresponding to where the twofa updates are being made.
   
   Copy the string from TWOFA.AC040_STAKEHOLDER.GLOBAL_USERID_LBL into the CAMIS database CAMIS.AA008_APPLICATION_USER.TWOFA_USERID_LBL for the newly created TWOFA account

   UPDATE CAMIS.AA008_APPLICATION_USER SET TWOFA_USERID_LBL = :12_chars_alphanumeric WHERE TC_USER_ID = :tc_user_id;

5. APPLICATION_CD to use in the script provided in this step

   Dev: 4
   Acc and Prod: 1
   
   Create a record in TWOFA.AC002_XREF_APPLICATION_USER with the following standard values

Example of adding 2FA admin access to a production account.
User: Michelle Le (LEMI)

To find all users who have CAMIS 2FA Admin accounts:

Run the query below using the TWOFA connection for the environment that you would like to check

For Development, the APPLICATION_CD =4; for Acceptance and Production use APPLICATION_CD =1

Select statements to verify data:

Problems with 2FA Admin Account:

Re-enabling an existing CAMIS Account that was deleted

If your account was added for access to CAMIS, and the error below is displayed, your CAMIS account may have been. The following error in CAMIS after logging in via Entrust. The same error is also displayed if you have not been given access to CAMIS.

Open

To restore access:

1. Go to table AA008_APPLICATION_USER

Retrieve the affected user record by TC_USER_ID. → TC_USER_ID is the same as the account’s network login id.

Make sure that DATE_DELETED_DTE is NULL.

Take note of your PERSON_ID (you will need this for the remaining steps).

1. Go to table AA005_USER_ROLE

retrieve the record by using the PERSON_ID obtained in step 1.

Make sure that DATE_DELETED_DTE is NULL for records that have set to deleted (or recently set to deleted).

1. Go to table YA096_PERSON

retrieve the record by using the PERSON_ID obtained in step 1.

Make sure that DATE_DELETED_DTE is NULL for records that have set to deleted.

2. Unable to activate new CAME accounts or generate new activation codes

If you cannot activate a CAME account or generate a new activation code:
a) verify that you have a 2FA admin account as explained in this article.

b) the following script can be used to check your 2FA admin account.

c) verify that the folder “TC_Directory” is present. If the TC_Directory folder is missing, users with Admin access will not be able to generate new activation codes or add internal CAME users in CAMIS via the
ADMIN → User Admin menu.