ZPE Nodegrid 4.1 - SecurID Authentication API with CAS Configuration - RSA Ready SecurID Access Implementation Guide

Document created by RSA Information Design and Development on Aug 26, 2019Last modified by RSA Information Design and Development on Aug 26, 2019
Version 3Show Document
  • View in full screen mode

This section describes how to integrate ZPE Nodegrid with RSA Cloud Authentication Service using SecurID Authentication API.

Architecture Diagram

Configure RSA Cloud Authentication Service

To configure the integration with RSA Cloud Authentication Service, you must first collect the Authentication API key and Authentication Service Domain for your RSA SecurID Access tenant.

Sign into the Cloud Administration Console and browse to My Account > Company Settings > Authentication API Keys and copy the Description and Key.

Browse to Platform > Identity Routers > Edit > Registration and copy the Authentication Service Domain.

 

Configure ZPE Nodegrid

Perform these steps to configure ZPE Nodegrid as an authentication API client to RSA Cloud Authentication Service.

Procedure

1. Sign into Nodegrid Web Interface as admin, browse to SecurityAuthentication2-Factor and click Add.

2. Configure the 2-Factor settings and then scroll down to the RSA section.

  1. Enter a Name to identify the method. For example: SecurID
  2. Select RSA from the Method drop-down menu.
  3. Select enabled from the Status drop-down menu.

3. Configure the RSA server settings and click Save.

  1. REST URL: Enter the REST URL for the RSA Cloud Authentication Service.  For example: https://test.auth.securid.com/mfa/v1_1/authn
  2. Enable Replicas: Leave the check box unmarked. High availability is handled internally by RSA Cloud Authentication Service.
  3. Client Key: Enter the Authentication API Key from the RSA Cloud Administration Console.
  4. Client ID: Enter the name you wish to be displayed in the RSA Authenticate App's push notifications.  Example notification: "Sign in request for: Nodegrid"
  5. Mark the check box for Enable Cloud Authentication Service.
  6. Policy ID: Enter the name of the access policy you wish to authenticate with as specified in RSA Cloud Administration Console.
  7. Tenant ID: Enter the RSA Cloud Authentication Service Company ID

4. After saving, edit the RSA 2-Factory method and upload the certificate which allows Nodegrid to trust RSA Cloud Authentication Service.

  1. Follow the steps in this link to acquire the certificate for RSA Cloud Authentication Service.
  2. Click the Certificate button, upload the certificate file and click Apply.

 

Next Step: Proceed to the Use case configuration section for the steps to apply this configuration to the use case.

 

Attachments

    Outcomes