Configure settings to identify your company and provide Secure Sockets Layer (SSL) private keys and certificates to protect the RSA SecurID Access Application Portal. A Protected Domain Name is required only for SSO Agent deployments. Certificates are required when the SSO Agent is enabled on the identity router, or any time the Cloud Authentication Service is integrated with RSA Authentication Manager, even if the SSO Agent is disabled.
You can also use this procedure to enable just-in-time synchronization for all identity sources.
The first time you sign in to the Cloud Administration Console and access your account information, the Company Name and Company ID fields are preconfigured. Edit these settings to your company specifications.
Note: The Company Information page used in this task also displays the Customer Support ID, which is required when you register with RSA Customer Support.
Before you begin
- You must be a Super Admin for the Cloud Authentication Service.
- Complete the "Plan" section in your Quick Setup Guide. Plan the protected domain name carefully. Once added, it is difficult to change. See Protected Domain Name for details and examples. This name is not required for deployments that do not use the SSO Agent.
- Obtain the private key, public certificate, and certificate chain required to configure SSL protection for the RSA SecurID Access Application Portal or for RSA Authentication Manager integration. For more information, see Cloud Authentication Service Certificates.
- In the Cloud Administration Console, click My Account > Company Settings and select the Company Information tab.
- In the Protected Domain Name field, enter the Protected Domain Name value from your Quick Setup Guide. This is a unique domain name for your deployment, such as sso.example.com. Deployments that use the SSO Agent must have a protected domain name in order to publish changes to the identity router.
- Upload the following files:
- The Private Key that matches the public certificate. Ensure that the private key is not password protected.
- The Public Certificate that was issued from the certificate authority (CA) for your domain.
- The Certificate Chain that was provided by the CA, which is valid for your public certificate.
- In the Company ID field, enter the Company ID that users provide when registering the RSA SecurID Authenticate app on their devices.
The Company ID must have fewer than 255 characters and may only contain alphanumeric characters with no spaces. This value must be unique across all RSA customers.
Note: After you change the Company ID, you must instruct users to provide the new value when registering the RSA SecurID Authenticate. Devices that are already registered are not affected.
- (Optional) In the Just-in-Time Synchronization field, click Enabled. This feature ensures that the cloud identity source is updated every time a user registers a device or authenticates. New users are added to the cloud identity source. Enablement affects all identity sources.
- Click Save Settings.