ManageEngine ADSelfService Plus - RSA MFA API (REST) - RSA Ready Implementation Guide
a year ago

This article describes how to integrate ManageEngine ADSelfService Plus with RSA Authentication Manager using the REST API.

  
Configure RSA Authentication Manager

Perform these steps to configure RSA Authentication Manager.
Procedure

  1. Sign in to your RSA Security Console.
  2. Navigate to Access > Authentication Agents and click Add New.
  3. Enter the hostname of the ADSelfService Plus server in the Hostname field and click Resolve IP to establish a connection between the Security Console and the ADSelfService Plus server.
  4. Click Save to add the ADSelfService Plus server as an authentication agent.

  

Configure ManageEngine ADSelfService Plus

Perform these steps to configure ManageEngine ADSelfService Plus.
Procedure

  1. Sign in to the RSA Admin Console and navigate to Setup > System Settings.
  2. Under Authentication Settings, click RSA SecurID Authentication API.
  3. Copy the Access ID, Access Key, and Communication Port details.
  4. Log in to the ADSelfService Plus Admin Console and navigate to Configuration > Self-Service > Multi-factor Authentication > RSA SecurID.
  5. In the Choose the Policy drop-down list, select a policy.
    Note: ADSelfService Plus allows you to create OU and group-based policies. To create a policy, navigate to Configuration > Self-Service > Policy Configuration and click Add New Policy. Click Select OUs/Groups, and make the selection based on your requirements. You need to select at least one self-service feature. Finally, click Save Policy.
  6. Click RSA SecurID.
  7. Choose REST API as the Integration Type.
  8. On the RSA SecurID window, enter the hostname of RSA Authentication Manager in the API Host Name field.
  9. Paste the port number and Access Key obtained in Step 3 in the Port and Access Key fields, respectively.
  10. Enter the authentication agent's name (that is, the hostname or access URL of the ADSelfService Plus server) in the Client Id field.
  11. Select the Secure API requests to RSA server with HMAC Authentication checkbox to verify the integrity of the authentication requests. Follow the steps mentioned under HMAC prerequisites before enabling HMAC authentication.
  12. Enter the Access ID copied in Step 3 in the Access Id field.
  13. Select a Username Pattern that matches the User Account Format in the RSA Admin Console.
    Note: Users across different domains can have the same username, causing ambiguity during RSA mapping. To ensure secure authentication, we strongly recommend using a username pattern that includes the domain. This username pattern needs to match the RSA User Account Format in the RSA Admin Console to accurately map domain user accounts to RSA user accounts.
  14. Click Test Connection and Save.

 

The configuration is complete.
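
The username ambiguity described in the note to step 13 can be checked before rollout by rendering each candidate pattern for every account and looking for shared RSA user IDs. This is an added example, not part of the RSA or ManageEngine documentation; the placeholder names {user}, {domain} and {short}, the sample accounts, and the case-insensitive comparison are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample accounts as (AD DNS domain, logon name); not real data.
ACCOUNTS = [
    ("corp.example.com", "jsmith"),
    ("emea.example.com", "JSmith"),
    ("corp.example.com", "adavis"),
    ("corp.example.org", "adavis"),
    ("emea.example.com", "mlee"),
]


def render(pattern, domain, user):
    """Build the RSA user ID an account would be mapped to.

    {user}, {domain} and {short} are hypothetical placeholders for this
    sketch, not the product's own pattern syntax. {short} is the first DNS
    label of the domain, a simplified stand-in for a short domain name.
    """
    short = domain.split(".")[0]
    return pattern.format(user=user, domain=domain, short=short)


def find_collisions(pattern, accounts):
    """Return {rsa_user_id: [accounts]} for each ID shared by 2+ accounts."""
    by_id = defaultdict(list)
    for domain, user in accounts:
        # Assumption: IDs that differ only in letter case are treated as
        # the same user, so they are compared in lower case.
        rsa_id = render(pattern, domain, user).lower()
        by_id[rsa_id].append(f"{domain}\\{user}")
    return {rid: accts for rid, accts in by_id.items() if len(accts) > 1}


def audit(patterns, accounts):
    """Map each candidate username pattern to the collisions it produces."""
    return {p: find_collisions(p, accounts) for p in patterns}


if __name__ == "__main__":
    candidates = ["{user}", "{short}\\{user}", "{user}@{domain}"]
    for pattern, clashes in audit(candidates, ACCOUNTS).items():
        print(f"{pattern!r}: {'ambiguous' if clashes else 'unique'}")
        for rsa_id, accts in clashes.items():
            print(f"  {rsa_id} <- {', '.join(accts)}")
```

With the sample data, a short domain label still collides when two domains share their first label, while the pattern carrying the full domain maps every account to its own ID.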
