PingFederate - Authentication Manager - RSA MFA API (REST) Configuration - RSA Ready Implementation Guide
2 days ago

This article describes how to integrate PingFederate with RSA Authentication Manager (AM) and hybrid deployment (AM and CAS) using the REST API.

         

Configure AM

Perform these steps to configure AM using the REST API.
Procedure

  1. Sign in to the RSA Security Console.
  2. Go to Access > Authentication Agents and click Add New.
  3. Under the Authentication Agent Basics section, in the Hostname field, enter a unique name, such as MyPingFederate.
  4. Click Save.
  5. If your AM uses a self-signed certificate, add it as a trusted certificate authority (CA) in PingFederate.
  6. Export the certificate by following the steps in AM, and browse to your AM Security Console to the Cloud Administration Console, as appropriate.

  

Configure PingFederate

This section explains how to configure the RSA SecurID IdP Adapter and define how PingFederate communicates with the AM server.

Procedure

If you are upgrading from version 2.x of the integration kit, note the configuration details of your existing adapter instance, and then delete the adapter instance. Restore your configuration as you complete the following steps.

  1. In the PingFederate administrative console, go to Authentication > Integration > IdP Adapters.
  2. Click Create New Instance.
  3. On the Type tab, set the basic adapter instance attributes.
    1. In the Instance Name field, enter a name for the adapter instance.
    2. In the Instance ID field, enter a unique identifier for the adapter instance.
    3. In the Type list, select RSA SecurID IdP Adapter.
    4. Click Next.
  4. On the IdP Adapter screen, configure AM servers to try in the order if the primary server fails to respond.
    1. In the RSA AUTHENTICATION AGENT field, specify the field value created in AM.
    2. In the RSA BASE API URL field, enter the complete URL and endpoint of the AM server.
    3. In the RSA ACCESS ID field, enter the unique identifier copied from AM that is used to identify individual REST API clients.
    4. In the RSA ACCESS KEY field, enter the unique string copied from AM that is generated and used as a shared secret for REST API clients.
  5. On the Actions page, verify the connection to the RSA Authentication API. Address any reported issues, and then click Next.
  6. On the Extended Contract tab, leave the attributes section unchanged and click Next.
  7. On the Adapter Attributes tab, select the Pseudonym checkbox and click Next.
  8. On the Adapter Contract Mapping tab, click Next.
  9. On the Summary tab, review your configuration. 
  10. Click Save.

The configuration is complete. 

Related Articles

Trending Articles

Don't see what you're looking for?