This section describes how to integrate F5BIG-IP APM with RSA Cloud Authentication Service using RADIUS.

Architecture Diagram

Configure RSA Cloud Authentication Service

To configure RADIUS for Cloud Authentication Service for use with a RADIUS client, you must first configure a RADIUS client in the RSA SecurID Access Console.

Sign into the RSA Cloud Administrative Console and browse to Authentication Clients > RADIUS > Add RADIUS Client and enter the Name, IP Address and Shared Secret.

What is selected for Authentication details will depend on the use-case being implemented.

Click Publish.

Configure F5 BIG-IP APM

Perform these steps to configure F5 BIG-IP APM as a RADIUS client to RSA Cloud Authentication Service.

Procedure

1. Sign into the BIG-IP Configuration Utility and click Main > Access > Authentication > RADIUS.

2. On the RADIUS Servers page, click Create...

3. On the New Server... page, enter the following:

1. Name: Enter a suitable name for the RADIUS Server.
2. Server Connection: Click on the Direct radio button.
3. Server Address: The management IP address of the Identity Router.
4. Authentication Service Port: Enter 1812.
5. Secret: Enter the Shared Secret configured while creating the RADIUS client in Cloud Authentication Service.
6. Confirm Secret: Enter the Shared Secret configured while creating the RADIUS client in Cloud Authentication Service.

Note:  The Timeout value is set to 5 and Retries value is set to 3 by default. RSA recommends using Timeout value as 15 and Retries value as 3. But it can be adjusted if required, specially in cases where there is frequent authentication failures due to timeout. Increasing the timeout value means that failover RADIUS server is not used as quickly if the primary RADIUS server is not available.

4. Click Finished.

Next Step: Proceed to Access Profile use case configuration section to apply this integration type to an access profile.