To use RSA SecurID as an authentication method, the Super Admin for the Cloud Authentication Service must connect the Cloud Authentication Service deployment to the RSA Authentication Manager server. The Cloud Authentication Service supports Authentication Manager versions 8.2 and higher.
These configuration settings allow all identity routers to communicate with Authentication Manager.
To download complete integration instructions, see Integrating the Cloud Authentication Service and RSA Authentication Manager on RSA Link at https://community.rsa.com/docs/DOC-84669.
Before you begin
- You must be a Super Admin in the Cloud Administration Console for the Cloud Authentication Service.
- Confirm that your network allows outbound traffic from the identity router to the Authentication Manager server on port 5500.
- Confirm that a static route is configured to each Authentication Manager server for each identity router in your deployment. For instructions, see Configure a Static Route to RSA Authentication Manager.
- A person with Super Admin privileges in Authentication Manager must create an agent record in Authentication Manager. If you did not do this, you must obtain the agent name and the location of the sdconf.rec file from the Authentication Manager Super Admin.
- For Authentication Manager versions earlier than 8.2 SP1, use the Operations Console to add the hostname and IP address for the identity router to the Authentication Manager server hosts file. For identity routers in the Amazon cloud, add the private IP address. For on-premises identity routers, add the hostname and IP address of both the proxy and management interfaces. To view and modify the hosts file, sign in to the Operations Console and click Administration > Network > Hosts File.
- If your identity router is configured to communicate with RSA Authentication Manager and the SSO Agent is disabled, you need to upload your own certificate using My Account > Company Settings. For instructions, see Configure Company Information and Certificates.
Procedure
- In the Cloud Administration Console, click Platform > Authentication Manager.
- Click Configure Connection.
- In the Authentication Agent Name field, enter the exact name provided by your Authentication Manager administrator.
- To upload the sdconf.rec file, click Choose File and select the file.
- Click Save.
- Click Publish Changes to apply the settings to all identity routers in the deployment. You must publish before you test the connection, but remember that publishing applies these settings and all pending changes to all identity routers.
- Click Test Connection. A graphic shows the connection status for each configured identity router. If any components are not connected, investigate the cause.
After you finish
The Super Admin for the Cloud Authentication Service must make sure assurance levels and access policies are configured to require SecurID Token where appropriate. For more information, see "Access Policies" on RSA Link at https://community.rsa.com/docs/DOC-53992.