The easiest way to connect RSA Authentication Manager to the Cloud Authentication Service is by clicking Configure the connection on the Security Console Home page and following the wizard.
After the connection is configured, invited users download the RSA SecurID Authenticate app, register their devices, and then access agent-protected resources.
RSA Authentication Manager establishes connections to the Cloud Authentication Service on port 443. No in-bound connections from the Cloud Authentication Service to Authentication Manager are required.
Before you begin
- Confirm that you have deployed Authentication Manager 8.4 Patch 4 or later.
- Confirm that your network infrastructure allows the Authentication Manager server to connect to the internet.
- Prepare the Cloud Authentication Service Environment
- Set User Expectations for Device Registration and Authentication
- Customize the Cloud Authentication Service Invitation
- In the Security Console, go to the Home page.
- Click Configure the connection.
- Verify that you have met the requirements for configuring the connection. Click Next.
- Do the following:
- Copy and paste the Registration Code and the Registration URL from the Cloud Administration Console into the connection wizard.
- (Optional) If Authentication Manager is behind an external firewall, click Configure a Proxy Connection:
- In the Proxy Host field, enter the hostname or IP address of the proxy server. If you have an HTTP proxy server, enter the hostname. For example, www.example.com.
- In the Proxy Port field, enter the port used by the proxy server.
- In the Proxy Username field, enter the unique username for the proxy server.
- In the Proxy Password field, enter the unique password for your proxy server.
- Keep the Enable Cloud Authentication checkbox selected, and click Next.
When enabled, all authentication agents that previously required an RSA SecurID token will allow users to authenticate using both RSA SecurID Tokens and the RSA SecurID Authenticate app. You can manage Cloud users from the Security Console.
- After the connection succeeds, keep the window open. Go to the RSA SecurID Access My Page URL. You can register a device and test cloud-based authentication. Return to the Security Console, and click Next.
- You can invite users to download the Authenticate app and register devices. After registration, users can access your protected resources with the supported authentication methods.
- To invite users later, click No, Invite users later. The next page displays the procedure for inviting users later.
- To invite users now, click Yes, Invite more users.
- You can customize the email message that is sent to users. For instructions, see Customize the Cloud Authentication Service Invitation.
- Click Close to exit.
After you finish
If you have not yet invited users to register their devices and authenticate using the Authenticate app, see Send an RSA SecurID Authenticate Invitation to Users.
Make sure your Help Desk Administrators have permission to view and manage Cloud Authentication Service users in the Security Console User Dashboard. Help Desk Administrators must have an administrative role that includes the Manage Cloud Authentication Service Users permission on the General Permissions tab. For instructions, see Edit Permissions for an Administrative Role.