Enable Access to the Identity Router API
The identity router API is a REST-based web services interface that allows designated components in your deployment to query and manage runtime information, such as user profiles. Access to the API is disabled by default. You can enable access to the API to support certain features in your deployment, such as SecurID Authenticate OTP integration between Authentication Manager 8.4 Patch 3 and earlier and Cloud Access Service (CAS). Only a Super Admin can enable identity router API access.
You must enable access to the identity router API if you want Authentication Manager to support SecurID Authenticate OTP integration between Authentication Manager and CAS. Other components may also require this access.
You need to generate an Access ID and Access Key, which are credentials associated with a Super Admin account. Authentication Manager or other designated components in your deployment that need to access the identity router API can then use that Access ID and Access Key.
The identity router API is a REST-based web services interface. Authentication Manager 8.4 Patch 3 and earlier uses this API to send the Authenticate OTP to the identity router and to receive the authentication results from CAS. You use the Cloud Administration Console to do the following:
Enable API access for AM.
Generate an Access ID and Access Key, which Authentication Manager uses to access the identity router.
Before you begin
Obtain the IP address (or address range) and network mask for the part of your network that requires access to the identity router API.
Obtain the IP address (or address range) and network mask for the part of your network where AM is deployed.
Add a Super Admin account to the Cloud Administration Console using credentials that do not belong to a specific individual. This account is used exclusively to manage identity router API access. For example, you can create a new email address specifically for this account, or use an address that is jointly monitored by all Super Admins in your deployment. Super Admins can modify the identity router API access configuration through this account.
Procedure
In the Cloud Administration Console, click My Account > Administrators.
Click Edit next to the Super Admin account that you want to grant API access.
In the Enable Identity Router API field, select the checkbox to enable access to the identity router API. This step generates values in the Access ID and Access Key fields. Copy these values to a secure location where you can access them when you configure the components of your deployment that use the identity router API.
Note: The Access ID and Access Key are sensitive data. Store these values securely, and share them only with other Super Admins.
Select the Enable Identity Router API checkbox to enable access to the identity router API.
This step generates an Access ID and Access Key. Copy these values to a secure location. The Authentication Manager administrator needs this information to configure AM to accept Authenticate Tokencodes.Note: The Access ID and Access Key are sensitive data. Store these values securely, and share them only with other Super Admins.
In the IP Address and Netmask fields, specify the part of your network from which the API will be accessible. To support API requests from sources without static IP addresses, you can specify an IP address range. Do not use CIDR notation.
In the IP Address and Netmask fields, specify the AM server IP address or subnet that needs to access the API. A subnet can represent multiple AM IP addresses.
The embedded identity router in AM requires the Gateway IP address for the identity router with the network mask 255.255.255.255. You can view the Gateway IP address on the Network Diagnostics page. For instructions, see View Network Diagnostics on an Identity Router.
If more than one AM instance can access the embedded identity router REST API, add each AM IP address. You view this information by logging on to the Operations Console for each AM instance and clicking Administration > Network > Appliance Network Settings.
If you want to add another network, click Add, then repeat step 4.
Click Save.
Click Publish Changes.
After you finish
Provide the API Access ID and Access Key to the appropriate person who is configuring components that need to interact with the identity router API.
Related Articles
Search Users Based on Risk-Based Authentication Settings Number of Views Using RSA Security Key Utility Number of Views Cloud Administration Anomalous Users API Number of Views Monitor System Events in the Cloud Administration Console Number of Views Access Requests and Workflows rely on the Application Server and Database Server times to be in synch in RSA Identity Gove… Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
