The identity router API is a REST-based web services interface that allows designated components in your deployment to query and manage runtime information, such as user profiles. Access to the API is disabled by default. You can enable access to the API to support certain features in your deployment, such as RSA SecurID Authenticate Tokencode integration between RSA Authentication Manager and the Cloud Authentication Service. Only a Super Admin can enable identity router API access.
You must enable access to the identity router API if you want RSA Authentication Manager to support RSA SecurID Authenticate Tokencode integration between RSA Authentication Manager and the Cloud Authentication Service. Other components may also require this access.
You need to generate an Access ID and Access Key, which are credentials associated with a Super Admin account. RSA Authentication Manager or other designated components in your deployment that need to access the identity router API can then use that Access ID and Access Key.
- Obtain the IP address (or address range) and network mask for the part of your network that requires access to the identity router API. For example, the part of your network where RSA Authentication Manager is deployed.
- Add a Super Admin account using credentials that do not belong to a specific individual. This account is used exclusively to manage identity router API access. For example, you can create a new email address specifically for this account, or use an address that is jointly monitored by all Super Admins in your deployment. Super Admins can modify the identity router API access configuration by editing this account.
- In the Cloud Administration Console, click My Account > Administrators.
- Click Edit next to the Super Admin account that you want to grant API access.
- In the Enable Identity Router API field, select the checkbox to enable access to the identity router API.
After you select the checkbox, RSA SecurID Access generates values in the Access ID and Access Key fields. Copy these values to a secure location where you can access them when you configure the components of your deployment that use the identity router API.
- In the IP Address and Netmask fields, enter values to specify the part of your network from which the API will be accessible. To support API requests from sources without static IP addresses, you can specify an IP address range. These fields do not support CIDR notation.
- If you want to add another network, click Add, then repeat step 4.
- Click Save.
- Click Publish Changes.
Note: The Access ID and Access Key are sensitive data. Store these values securely, and share them only with other Super Admins.
After you finish
Provide the API Access ID and Access Key to the appropriate person who is configuring components that need to interact with the identity router API.