Manage the RSA SecurID Authentication API Keys

Document created by RSA Information Design and Development on Nov 10, 2016. Last modified by Joyce Cohen on Nov 25, 2019.
Version 33

 

The RSA SecurID Authentication API is a REST-based programming interface that allows you to develop clients that process multifactor, multistep authentications through RSA Authentication Manager and the Cloud Authentication Service. The interface definition can be integrated with any programming language.

 

Clients built using the Authentication API require a key to pass authentication requests to the Cloud Authentication Service. Every Initialize call from the client must contain this key to securely identify the authentication request. For more information about the Authentication API, see the RSA SecurID Authentication API Developer's Guide.

 

You must be a Super Admin for the Cloud Administration Console to perform these tasks:

 

 

Integration with RSA Authentication Manager

 

If RSA Authentication Manager is configured to use the Cloud Authentication Service for authenticating users to agent-protected resources, an API key for that purpose is automatically added to the Cloud Authentication Service and appears in the console. That key counts against the maximum number of keys allowed.

 

If you delete the RSA Authentication Manager API Key, Authentication Manager will be disconnected from the Cloud Authentication Service. If you want to reconnect, perform the registration process again in the Authentication Manager Security Console. For instructions, see Connect RSA Authentication Manager to the Cloud Authentication Service.

 

Security Best Practices for Authentication API Keys

 

Follow these best practice recommendations to ensure that your API keys remain secure.

 

  • Delete the old API keys and generate new ones every 90 days.

    Note:  Do not delete keys that were automatically generated to connect RSA Authentication Manager to the Cloud Authentication Service. If these keys are accidentally deleted, you must re-establish the connection with Authentication Manager.

  • Do not embed API keys in the source code.

  • Do not store API keys in files inside a source code repository.

  • Delete the keys from the Cloud Authentication Service if they are no longer being used.

  • Make sure the keys are encrypted at rest on the client file system.
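
The rotation and cleanup rules above can be checked against a locally maintained key inventory. The following is an added example, not RSA code: the inventory format, field names, and sample entries are assumptions constructed for illustration, and the record holds descriptions and dates only, never key values.

```python
from datetime import date

MAX_KEYS = 10        # console limit stated on this page
ROTATION_DAYS = 90   # rotation interval recommended on this page

# Constructed sample inventory. The field names are assumptions for this
# example; the record holds descriptions and dates only, never key values.
SAMPLE_INVENTORY = [
    {"description": "VPN portal client", "created": date(2019, 6, 1),
     "in_use": True, "am_connection": False},
    {"description": "Help desk tool (retired)", "created": date(2019, 10, 20),
     "in_use": False, "am_connection": False},
    {"description": "RSA Authentication Manager", "created": date(2019, 1, 15),
     "in_use": True, "am_connection": True},
    {"description": "HR app client", "created": date(2019, 11, 1),
     "in_use": True, "am_connection": False},
]


def audit_keys(inventory, today):
    """Return (findings, free_slots) for a key inventory."""
    findings = []
    for key in inventory:
        age = (today - key["created"]).days
        if key["am_connection"]:
            # Auto-generated key: deleting it disconnects Authentication
            # Manager, so it is never proposed for deletion.
            action = "keep"
        elif not key["in_use"]:
            action = "delete"
        elif age >= ROTATION_DAYS:
            action = "rotate"
        else:
            action = "ok"
        findings.append((key["description"], age, action))
    # The Authentication Manager key counts against the maximum.
    free_slots = MAX_KEYS - len(inventory)
    return findings, free_slots


if __name__ == "__main__":
    findings, free = audit_keys(SAMPLE_INVENTORY, date(2019, 11, 25))
    for description, age, action in findings:
        print(f"{action:7} {age:4d} days  {description}")
    print(f"free key slots: {free}")
```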

 

Add an RSA SecurID Authentication API Key

 

You can add up to 10 keys for authentication clients to use.

 

Procedure 

 

  1. In the Cloud Administration Console, click My Account > Company Settings and select the Authentication API Keys tab.

  2. Click ADD. The new key is displayed.

  3. (Optional) Enter a description that identifies how the key will be used.

  4. Add as many keys as necessary (up to 10), then click Save Settings.

  5. To immediately activate these updates, click Publish Changes.

 

After you finish 

 

Use a secure method to deliver the keys to your authentication client developers.

 

Delete an RSA SecurID Authentication API Key

 

If a key becomes compromised and is no longer secure, you can delete it and add a new one. After you delete a key, the client program using that key will no longer be able to authenticate to the Cloud Authentication Service.

 

Procedure 

 

  1. In the Cloud Administration Console, click My Account > Company Settings and select the Authentication API Keys tab.

  2. Click the minus sign (-) next to the key you want to delete.

  3. Click Save Settings.

  4. To immediately activate these updates, click Publish Changes. If you do not publish now, the deleted key can continue to be used in authentication requests until the changes are published.

 

 

 

 

 
