Connect the identity router to the Cloud Administration Console to enable administrators to publish configuration changes to the identity router.
Before you begin
- You must be a Super Admin in the Cloud Administration Console.
- Complete the "Plan" section in your Quick Setup Guide.
- Obtain the Registration Code and Authentication Service Domain displayed when you added the identity router in the Cloud Administration Console.
Procedure
- Open a web browser and do one of the following:
  - For identity routers in the Amazon cloud, go to https://<identityrouterIP>:9786/setup.jsp, where <identityrouterIP> is the private IP address of the identity router.
  - For on-premises identity routers, go to https://<identityrouterIP>/setup.jsp, where <identityrouterIP> is the IP address of the identity router management interface.
  See your Quick Setup Guide for the identity router IP address.
- Sign in to the Identity Router Setup Console. If this is your first time signing in to the setup console for this identity router, see Change the Identity Router Administrator Password Using the Identity Router Setup Console.
- Click Connect Administration Console.
- In the Registration Code field, enter the Registration Code displayed when you added the identity router in the Cloud Administration Console.
- In the Authentication Service Domain field, enter the Authentication Service Domain displayed when you added the identity router in the Cloud Administration Console.
- (Optional) If you want to configure a proxy server to handle traffic between the identity router and the Cloud Authentication Service, enter the proxy server details.
  The proxy server can be unauthenticated, transparent, or authenticated. If you specify an authenticated proxy, it must be configured for only basic authentication.
  In RADIUS and relying party deployments, the proxy server handles traffic for authentication and product maintenance (such as cluster updates). In an SSO Agent deployment, the proxy server handles traffic for product maintenance.
  - Enter the Proxy Host, formatted as an IP address or hostname.
  - Enter the Proxy Port number for the proxy.
  - If the proxy requires authentication, enter the Proxy Username.
  - If the proxy requires authentication, enter the Proxy Password.
- Click Submit.
  Follow the instructions presented. If an error occurs that you are unable to resolve, contact Customer Support. A confirmation message appears when the identity router is connected to the Cloud Administration Console.
- Sign in to the Cloud Administration Console to check the status of the identity router (Platform > Identity Routers). When the identity router is connected to the Cloud Administration Console, the status reads Active.
- In the Cloud Administration Console, click Publish Changes to apply the configuration settings for the new identity router. After the publish operation has completed, the identity router is fully deployed.
- If you accepted an SSL proxy for the identity router in Step 7, make sure you inform your IT department so they can add the Cloud Authentication Service to their whitelist. After IT informs you that step is completed, RSA recommends that you remove the SSL proxy certificates from your deployment. Do the following:
  - Return to the Cloud Connection Trust field in the Identity Router Setup Console.
  - Confirm whether the identity router and Cloud Authentication Service will remain connected after you remove the certificates. Click Test Without Override Certificates. A message indicates if the connection is successful.
  - If the tests pass, click Remove Certificates to remove the certificates from your deployment. If any tests fail, see your IT department and confirm that the necessary URLs are whitelisted.
After you finish
If you added this identity router to an existing cluster, you need to back up the cluster. See Back Up Now for a Single Cluster.