Configure RSA Authentication Manager as a Secure Proxy Server for the Cloud Authentication Service

You can configure RSA Authentication Manager 8.5 to act as a secure proxy server for the Cloud Authentication Service. User authentication requests are automatically forwarded to the Cloud Authentication Service, and you can configure high availability, which allows authentication to continue when the Cloud Authentication Service or the connection is unavailable or too slow.

You may need to do additional configuration steps to use these features.

Procedure 

1. REST protocol authentication agents require credentials to securely access Authentication Manager. See Configure the RSA SecurID Authentication API for Authentication Agents.
2. Connect Authentication Manager to the Cloud Authentication Service.

   While connecting, do not clear the Send Multifactor Authentication Requests to the Cloud checkbox.

   For instructions, see the following:

   • To connect with an embedded identity router, see Quick Setup - Connect RSA Authentication Manager to the Cloud Authentication Service with an Embedded Identity Router.
   • If you are using identity routers on other platforms in your on-premises network or in the Amazon Web Services cloud, see Connect RSA Authentication Manager to the Cloud Authentication Service.
3. In the Cloud Administration Console, create an access policy for the authentication agents that are connected to the Cloud Authentication Service, or plan to use an existing access policy. For instructions, see Planning Resource Protection with Access Policies and Access Policies.
4. Configure your authentication agents to use Authentication Manager to direct authentication requests to the Cloud Authentication Service. For instructions, see your agent documentation.

After you finish 

• When RSA Authentication Manager cannot communicate with the Cloud Authentication Service, users can access RSA SecurID protected resources with RSA SecurID authentication and Authenticate Tokencode. Authentication Manager always validates RSA SecurID authentication. Authentication Manager must download High Availability Tokencode records to prompt users for Authenticate Tokencode. See Configure High Availability Tokencodes.
• Some newer authentication agents can automatically download offline emergency access codes for users who access the authentication agent. Users can continue to authenticate if the connection to Authentication Manager or the Cloud Authentication Service is not available. For more information, see Emergency Tokencode.
• Authentication Manager automatically downloads offline data day files that some newer authentication agents can use for uninterrupted authentication to the Cloud Authentication Service. For instructions, see your authentication agent documentation.