Configure settings to identify your company and provide Secure Sockets Layer (SSL) private keys and certificates to protect the RSA SecurID Access Application Portal. A Protected Domain Name is required only for SSO Agent deployments. Certificates are required in either of the following situations:
The SSO Agent is enabled on the identity router.
The Cloud Authentication Service is integrated with RSA Authentication Manager to allow users to access RSA SecurID-protected resources using Authenticate Tokencodes, regardless of whether the SSO Agent is enabled or disabled.
You can also perform this procedure to enable just-in-time synchronization for all identity sources.
The first time you sign in to the Cloud Administration Console and access your account information, the Company Name and Company ID fields are preconfigured. Edit these settings to your company specifications.
Note: The Company Information page used in this task also displays the Customer Support ID, which is required when you register with RSA Customer Support.
Before you begin
- You must be a Super Admin for the Cloud Authentication Service.
- Complete the "Plan" section in your Quick Setup Guide. Plan the protected domain name carefully. Once added, it is difficult to change. See Protected Domain Name for details and examples. This name is not required for deployments that do not use the SSO Agent.
- Obtain the private key, public certificate, and certificate chain required to configure SSL protection for the RSA SecurID Access Application Portal, or for the RSA Authentication Manager integration that allows users to access RSA SecurID-protected resources using Authenticate Tokencodes. In RSA Authentication Manager, this certificate chain (root certificate plus optional Certificate Authority certificates) is identified in the Operations Console as the identity router root certificate. For more information, see Cloud Authentication Service Certificates.
- In the Cloud Administration Console, click My Account > Company Settings and select the Company Information tab.
- In the Protected Domain Name field, enter the Protected Domain Name value from your Quick Setup Guide. This is a unique domain name for your deployment, such as sso.example.com. Deployments that use the SSO Agent must have a protected domain name in order to publish changes to the identity router.
- Upload the following files:
- The Private Key that matches the public certificate. Ensure that the private key is not password protected.
- The Public Certificate that was issued from the certificate authority (CA) for your domain.
- The Certificate Chain that was provided by the CA, which is valid for your public certificate.
- In the Company ID field, enter the Company ID that users provide when registering the RSA SecurID Authenticate app on their devices.
The Company ID must have fewer than 255 characters and may only contain alphanumeric characters with no spaces. This value must be unique across all RSA customers.
Note: After you change the Company ID, you must instruct users to provide the new value when registering the RSA SecurID Authenticate. Devices that are already registered are not affected.
- (Optional) Just-in-Time Synchronization ensures that the identity source is updated in the Cloud Authentication Service every time a user registers a device or authenticates. New users are also added to the identity source. Enablement affects all identity sources. To request availability for this feature, contact RSA Customer Support.
- Click Save Settings.