on Oct 2, 2019This section describes how to integrate XYPRO XYGATE UA with RSA Cloud Authentication Service using SecurID Authentication API.
Architecture Diagram
Configure RSA Cloud Authentication Service
To configure the integration with RSA Cloud Authentication Service, you must first collect the Authentication API key and Authentication Service Domain for your RSA SecurID Access tenant.
Sign into the Cloud Administration Console and browse to My Account > Company Settings > Authentication API Keys and copy the Description and Key.
Browse to Platform > Identity Routers > Edit > Registration and copy the Authentication Service Domain.
Configure XYPRO XYGATE UA
Perform these steps to configure XYPRO XYGATE UA as an authentication API client to RSA Cloud Authentication Service.
Procedure
1. Sign into NonStop as the XUA admin, and run XUA_RSA_INSTALL macro to configure the RSA interface. You will be asked a series of questions about configuring XUA to interface with the RSA service.
> RUN XUA > XUA_RSA_INSTALL Note: Responses to the RSA install macro will be recorded into the UACONF file as keywords using the values you enter at the prompts. These values can be modified in the UACONF only after the macro run is completed.
Do you want to configure the RSA interface <Y>?
2. Enter Y to configure the service.
What is the TCP/IP process name <$ZTCP2>?
3. Enter your TCP/IP process name.
How many seconds should XUA wait for a RSA response before timeout occurs<30>?
4. Enter 30.
Do you want to use RSA authentication for all NonStop users <No>?
5. Answer according to your need.
Do you want to require a password in addition to the SecurID token for all NonStop users <NO>?
6. Answer according to your need.
Is your RSA server configured as a web service <N>?
7. Enter Y.
RSA Hostname?
8. Enter your RSA Authentication Service Domain as indicated in RSA Cloud Administration Console.
Example: rsa-demo.auth.securid.com
RSA access key?
9. Enter the Authentication API Key from the RSA Cloud Administration Console.
Enter unqualified CACERT filename?
10. Enter the name of a nonexistent file.
Example: RSACERT
Note: This value is not required because the certificate on RSA Cloud Authentication Service is already trusted.
RSA access ID?
11. Enter the RSA access ID
Note: This value is not used by RSA SecurID Access. XYPRO recommends to specify the email address of the person who configures this integration.
RSA Language?
12. Enter the language code.
Example: en_US
RSA Port <5555>?
13. Enter 443.
RSA Path?
14. Enter /mfa/v1_1
RSA Security key type <KEY>?
15. Enter KEY
RSA Agent name?
16. Enter the name you wish to be displayed in the RSA Authenticate App's push notifications. Example notification: "Sign in request for: XUA"
RSA auth policy ID?
17. Enter the name of the access policy (as configured in RSA Cloud Administration Console) that XUA will use to authenticate users.
RSA Attempt timeout (seconds)?
18. Enter 120. Increase this value if user authentications timeout before they can be completed.
Java install path </usr/tandem/nssjava/jdk180_h80>?
19. Enter the Java install path.
Do you want to configure the RSA interface now <Y>?
20. Enter Y.
Configuration is complete.
Note: Authenticating with the RSA SecurID Access requires the UAACL rule, UAGROUP, which maps NonStop user accounts to RSA user accounts and invokes RSA processing by XUA. Refer to XYGATE User Authentication Reference Manual for more information.
User Experience
Authentication method selection menu
Return to the main page for more certification related information.