Integration of Dell EMC Data Domain with RSA Authentication Manager REST API
2 months ago
Article Number
000067982
Applies To

RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager 
RSA Version/Condition: 8.x

Issue

This article provides the steps to integrate Dell EMC Data Domain with RSA Authentication Manager through the REST API.

Resolution

Authentication Manager Configuration

  1. Enable the REST API on the instances where the Data Domain will be connected.
  2. Create two users in the internal database: one named secofficer and the other named sysadmin. These are default users in the Dell Data Domain.
  3. Log in to the Security Console and navigate to Identity > Users > Add New.
  4. Create a new user for secofficer. The only information needed is the user ID and last name. Click Save and repeat for sysadmin.
  5. Assign a token to each user. 

Data Domain Configuration 

Set the following information on the Data Domain:

  • Server URL: https://<am_fqdn>:5555/mfa/v1_1/authn
  • Client ID: the RSA agent name, for example "apidd"
  • Client Key: RSA Access Key
  • The certificate is the root certificate from the Security Console:
    1. Launch Internet Explorer, and go to https://server_name/sc.
    2. Right-click on the lock and select Properties.
    3. In the Properties dialog box, click Certificates.
    4. In the Certificate dialog box, select the Certification Path tab.
    5. Click the top item in the certificate path.
    6. Click View Certificate.
    7. In the Certificate dialog box, click the Details tab.
    8. Click Copy to File.
    9. On the Certificate Export Wizard page, click Next.
    10. On the Export File Format page, select Base 64 encoded binary X.509 (.CER). 
    11. Click Next.
    12. On the File to Export page, click Browse.
    13. Browse to a location to store the root certificate and enter am_root.cer in the File Name field.
    14. Make sure that the Save As type is set to Base-64 encoded X.509 (.CER).
    15. On the File to Export page, click Next.
    16. On the Completing the Certificate Export page, click Finish.
    17. Click OK.
    18. Edit the certificate file with the .cer extension in a text editor.
    19. Copy the entire text, including the BEGIN CERTIFICATE and END CERTIFICATE lines, and paste it into the certificate section on the Data Domain.
    20. Add the usernames secofficer and sysadmin with the password created.
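
A pre-flight check for the certificate steps above, as an added example that is not part of the original article or of any RSA or Dell tooling. check_root_pem confirms the text to be pasted is exactly one complete Base-64 certificate block and returns its SHA-256 fingerprint; verify_endpoint confirms that the Authentication Manager REST port (5555, from the Server URL above) validates against that root alone. The function names and the sample are assumptions.

```python
import base64, hashlib, re, socket, ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)

# Constructed sample: a DER SEQUENCE header plus filler, not a real certificate.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"\x30\x82\x01\x00" + bytes(256))

def check_root_pem(text):
    """Validate the text about to be pasted into the Data Domain certificate
    section; return the SHA-256 fingerprint of the single certificate in it."""
    blocks = PEM_BLOCK.findall(text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one certificate block, found {len(blocks)}")
    try:
        der = base64.b64decode("".join(blocks[0].split()), validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"body is not valid Base-64: {exc}") from None
    # A certificate is one DER SEQUENCE whose length field must cover the
    # whole body; a mismatch means a truncated copy and paste.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("body is not a DER SEQUENCE")
    if der[1] < 0x80:                      # short-form length
        total = 2 + der[1]
    else:                                  # long-form length, n length bytes
        n = der[1] & 0x7F
        total = 2 + n + int.from_bytes(der[2:2 + n], "big")
    if total != len(der):
        raise ValueError(f"DER length says {total} bytes, body has {len(der)}")
    return hashlib.sha256(der).hexdigest()

def verify_endpoint(host, pem_path, port=5555):
    """TLS handshake with the Authentication Manager REST port, trusting only
    the exported root; raises ssl.SSLCertVerificationError on a mismatch."""
    ctx = ssl.create_default_context(cafile=pem_path)  # no system CAs loaded
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version()

if __name__ == "__main__":
    print(check_root_pem(SAMPLE_PEM))
```

Run check_root_pem on the contents of am_root.cer before pasting, and compare the fingerprint with the one shown in the certificate's Details tab.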

Notes

The Client ID (apidd) is the TCP agent name that is configured on the Security Console.