Deploying a RESTful Authentication Agent

Document created by RSA Information Design and Development on Jun 13, 2017Last modified by RSA Information Design and Development on Jun 13, 2017
Version 2Show Document
  • View in full screen mode

A RESTful authentication agent is a software application that securely passes user authentication requests to and from the RSA SecurID Authentication API. Unlike other authentication agents, RESTful authentication agents do not require or use a node secret or the Authentication Manager configuration file sdconf.rec.

Before a RESTful authentication agent can communicate with RSA SecurID Authentication API, you must deploy the agent.

Before you begin 


  1. In the Security Console, click Access > Authentication Agents > Add New.

  2. From the Security Domain drop-down menu, select the security domain to which you want to add the new agent.

  3. Under Authentication Agent Basics, do the following:

    1. For Hostname, enter a new hostname for the agent host or a logical name for the agent.

      If you entered a hostname, click Resolve IP. The IP address is automatically entered. If you enter a new name, the name must be unique.

    2. (Optional) In the IP Address field, enter the IP address of the agent.

      If you use an existing server name, this field is automatically populated and read-only. If no address is specified, UDP agents will use auto-registration to provide the address to the server.

    3. (Optional) In the Alternate IP Addresses field, enter alternate IP addresses for the agent.

      You enter alternate IP addresses if the agent has more than one network interface card, or is located behind a static network address translation (NAT) firewall.

      If you use an existing server name, this field is automatically populated and read-only.

  4. (Optional) Under Authentication Agent Attributes, you can select the following options:

    • To specify the type of agent, select the type from the Agent Type list.

      If the agent is a web agent, select Web Agent, otherwise keep the default selection Standard Agent. The populated agent types are labels, there is no functional difference by choosing Web Agent or Standard Agent.

    • To disable the agent, select Agent is disabled.

      You might select this option to stop access to a resource temporarily.

    • To add a restricted agent, select Allow access only to members of user groups who are granted access to this agent.

      Only users who are members of user groups that have permission to access a restricted agent can use this agent to authenticate. Any user can use an unrestricted agent to authenticate.

    Trusted realm authentication and risk-based authentication are not supported for RESTful authentication agents. Selecting or clearing Enable Trusted Realm Authentication and Enable this agent for risk-based authentication has no effect on the agent.

  5. Click Save.

    Note:  If the hostname is not a fully qualified host name or the IP address is not specified, a Confirmation Required dialog, summarizing the hostname and the IP address is displayed. Here, you can either edit the agent details or save the agent information.