Deploying an Authentication Agent That Uses the REST Protocol

Document created by RSA Information Design and Development on Jun 13, 2017. Last modified by RSA Information Design and Development on Feb 12, 2018.
Version 3

An authentication agent that uses the REST protocol securely passes user authentication requests to and from the RSA SecurID Authentication API. Unlike authentication agents that use the UDP protocol, authentication agents that use the RSA SecurID Authentication API do not require or use a node secret or the Authentication Manager configuration file sdconf.rec.

Before a REST-based authentication agent can communicate with the RSA SecurID Authentication API, you must deploy the agent.

Before you begin 


  1. In the Security Console, click Access > Authentication Agents > Add New.

  2. From the Security Domain drop-down menu, select the security domain to which you want to add the new agent.

  3. Under Authentication Agent Basics, do the following:

    1. For Hostname, enter a new hostname for the agent host or a logical name for the agent.

      If you entered a hostname, click Resolve IP. The IP address is automatically entered. If you enter a new name, the name must be unique.

    2. (Optional) In the IP Address field, enter the IP address of the agent.

      If you use an existing server name, this field is automatically populated and read-only. If no address is specified, UDP agents will use auto-registration to provide the address to the server.

    3. (Optional) In the Alternate IP Addresses field, enter alternate IP addresses for the agent.

      You enter alternate IP addresses if the agent has more than one network interface card, or is located behind a static network address translation (NAT) firewall.

      If you use an existing server name, this field is automatically populated and read-only.

  4. (Optional) Under Authentication Agent Attributes, you can select the following options:

    • To specify the type of agent, select the type from the Agent Type list.

      If the agent is a web agent, select Web Agent; otherwise, keep the default selection, Standard Agent. The populated agent types are labels only; there is no functional difference between choosing Web Agent and Standard Agent.

    • To disable the agent, select Agent is disabled.

      You might select this option to stop access to a resource temporarily.

    • To add a restricted agent, select Allow access only to members of user groups who are granted access to this agent.

      Only users who are members of user groups that have permission to access a restricted agent can use this agent to authenticate. Any user can use an unrestricted agent to authenticate.

  5. If your authentication agent supports trusted realm authentication or risk-based authentication, you can select Enable Trusted Realm Authentication or Enable this agent for risk-based authentication. If your authentication agent does not support these features, then selecting or clearing these checkboxes has no effect on the agent.
  6. Click Save.

    Note:  If the hostname is not a fully qualified host name or the IP address is not specified, a Confirmation Required dialog summarizing the hostname and the IP address is displayed. In this dialog, you can either edit the agent details or save the agent information.