Edit the Cloud Authentication Service Connection

Document created by RSA Information Design and Development Employee on Jul 27, 2020Last modified by RSA Link Admin on Sep 18, 2020
Version 2Show Document
  • View in full screen mode

After you connect RSA Authentication Manager to the Cloud Authentication Service, you can edit the connection.

For instructions on how to configure the initial connection, see the following:

Before you begin 

  • You must be a Super Admin.

  • A new Registration Code and Registration URL is required if you need to re-register Authentication Manager with the Cloud Authentication Service. You must re-register for any of the following reasons:

    • You are configuring an embedded identity router.
    • You want to enable the high availability tokencode feature, and you are upgrading from an RSA Authentication Manager 8.4 deployment that is already connected to the Cloud Authentication Service.
    • The access policy that was used for the original connection has been replaced with a different access policy. The access policy is configured and selected in the Cloud Administration Console.
    • The access policy name that was used for the original connection has changed.
    • The RSA Authentication Manager API Key used for the original connection has been deleted from the Authentication API Keys page or the Administration API Key page in the Cloud Administration Console. This disconnects Authentication Manager from the Cloud Authentication Service.
    • You make changes to an HTTPS proxy server, and you need to connect to the Cloud Authentication Service again and accept a new certificate. You do not need to re-register if you configure or update the connection to a HTTP proxy server.

    If you need to obtain the Registration Code and Registration URL, see Connect Your Cloud Authentication Service Deployment to RSA Authentication Manager.

Procedure 

  1. In the Security Console, click Setup > System Settings.

  2. Click Cloud Authentication Service Configuration.

  3. If Authentication Manager is behind an external firewall, you can configure a connection to a proxy server before connecting to the Cloud Authentication Service. For instructions, see Configure a Proxy Server.

  4. To connect Authentication Manager to the Cloud Authentication Service, do the following:

    1. Under Register Authentication Manager with the Cloud Authentication Service, copy and paste the Registration Code and the Registration URL from the Cloud Administration Console, or obtain this information from a Cloud Authentication Service Super Admin and manually enter it.

      For more information, see Connect Your Cloud Authentication Service Deployment to RSA Authentication Manager.

    2. Click Connect to the Cloud Authentication Service.

      A message indicates that the connection is established. The Cloud Authentication Service details are automatically updated and saved.

  5. To enable users to authenticate to the Cloud Authentication Service, under Cloud Authentication Service Configuration, click Enable Cloud Authentication.

  6. You can use RSA Authentication Manager as a secure proxy server that sends authentication requests directly to the Cloud Authentication Service. By default, this feature is enabled when you connect to the Cloud Authentication Service or upgrade to RSA Authentication Manager 8.5 after connecting to the Cloud Authentication Service with version 8.4 Patch 4 or later. For more information, see RSA Authentication Manager Secure Proxy Server for the Cloud Authentication Service.

    To manually enable this feature, select the Send Multifactor Authentication Requests to the Cloud checkbox.

  7. Click Save.

After you finish 

  • If required by your deployment, add the Multifactor Authentication REST URL and the Help Desk Administration REST URL to a whitelist of URLs that Authentication Manager is allowed to access.

    Other URLs are as follows.

    FeatureURLStatic or Dynamic
    Telemetrytelemetry.access.securid.comStatic
    Embedded identity router

    The connection information varies. You can use a wildcard:

    *.blob.core.windows.net

    Dynamic
  • For any administrator who needs to manage Cloud Authentication Service users in the Authentication Manager User Dashboard, you must have selected Manage Cloud Authentication Service Users on the General Permissions tab. For more information, see Edit Permissions for an Administrative Role.

 

 

 

You are here
Table of Contents > Cloud Authentication Service Integration > RSA Authentication Manager 8.4 Patch 4 and later > Manage the Cloud Connection > Edit the Cloud Authentication Service Connection

Attachments

    Outcomes