Quick Setup Guide - Connect Governance & Lifecycle to ID Plus
This guide provides instructions for connecting the RSA Governance & Lifecycle (G&L) instance to the RSA ID Plus server and establishing a trust relationship between them to enable subsequent bi-directional integrations.
What You Need to Have
You need to have the following details:
Registration Code
Registration URL
To generate a Registration Code and Registration URL, follow the instructions in the below procedure.
Generate the Registration Code and URL to Connect G&L to ID Plus
You need a registration code and URL to enter into the G&L instance to establish the connection between G&L and ID Plus. To generate this code and URL, perform the following steps.
Procedure
In the Cloud Administration Console, click Platform > Governance & Lifecycle.
Click Generate Code.
The Registration Code is generated.Copy the values from the Registration Code and URL fields and store them securely on your computer.
(Optional) Select a Network Zone from the drop-down list.
Connect G&L to ID Plus
You need to connect a G&L instance to the ID Plus server to establish a bi-directional trust relationship. To connect them, perform the following steps.
Procedure
Log in to RSA Governance and Lifecycle.
Navigate to Admin > IDPlus Connect, and then click Create IDPlus Application.
On the Remote Application Setup page (1), click Next.
On Page 2 (Register RSA G&L with RSA IDPlus), enter the following details:
Application Name: Enter a name for the ID Plus server that you are connecting to.
Registration URL: Paste the URL copied from the Cloud Administration Console (see the Generate the Registration Code and URL to Connect G&L to ID Plus section).
Registration Code: Paste the code copied from the Cloud Administration Console (see the Generate the Registration Code and URL to Connect G&L to ID Plus section).
Click Next.
Click Connect to the RSA IDPlus.
A Connection Successful message is displayed.After successful registration, do the following.
Select the Create Collector checkbox to create an ADC collector.
Select the User Sync with IDPlus checkbox to onboard the new user to the ID Plus application.
Note: The IDPlus Lookup Api field is automatically generated from the API and is not editable.
Click Next.
On the Connection page 2, the details for the following fields are provided by default, and can be customized if needed.
Base URL
Use Base URL for All API(s) is set to true.
SSL Authentication is set to One-Way-SSL.
User Authentication Type is OAuth2 - The field is not editable.
Enter Client ID, Client Secret, Authentication URL, and Access Token URL.
Click Get OAuth 2.0 Access Token.
Click Next.
On the Select types of account data to collect page 3, select Accounts and click Next.
On the Configuration of Account collection page 4, do the following.
Enter the Request Parameters.
Enter the Header Name and Header Value in the given fields.
Enter the Response Path for the Collector Mapping Parameters.
To check the records, click Test Rest API - 1.
Click Next.
On the Map Collector Attributes to Account Attributes page 6, from the User Reference drop-down list, select AccountId.
Click Next.
A confirmation page appears for the Create IDPlus Application.On the Edit User Resolution Rules page 7, do the following.
Click Add More, and then click Next.
Review the details and click Finish.
IDPlus Application has been created and is displayed on the Admin > IDPlus Connect page.
Click the ID Plus Application displayed under the Application Name.
To collect the accounts, do the following.
Navigate to Collectors and click the ADC collector.
Click Test.
The collected accounts are displayed on the Accounts page.
Test the Lookup API
To test the Lookup API, perform the following steps.
Procedure
Add a new user.
On the home page, navigate to Collectors > Identity Collection.
To run the Identity Collection, do the following.
Select the Collector.
Click the Collect Identity button.
You can monitor the collection on the Monitoring page.
Delete the ID Plus Application and Collectors
To remove the ID Plus application and its associated collectors from G&L, perform the following steps.
Before you begin
Ensure you are logged in to the G&L application with administrative privileges.
Procedure
Navigate to Admin > IDPlus Connect.
Select the ID Plus application that you want to delete.
On the Collectors tab, select IDPlus_ADC collector and click Deactivate.
After deactivation, click the Delete icon present at the right corner of the application to remove the collector.
Return to the General tab of the ID Plus application.
Click Delete to remove the application.
Configure the Remote Agent with ID Plus
Perform the following steps to configure the remote agent with ID Plus.
Procedure
Download the certificate from the ID Plus server.
Log in to G&L application and navigate to Admin > User Interface > Files.
Select the SSL certificate files.
Upload the ID Plus certificate file, and click OK.
Download the keystore files from the remote agent.
Replace the existing client.keystore file with the newly downloaded file in the remote agent.
Restart the remote agent.
Troubleshooting
If the ID Plus application is deleted before the collector is removed, then the collector may remain in the database and will need to be removed manually.
Before you begin
Ensure you have access to the correct database schema depending on your deployment type:
Cloud Customers: Navigate to Admin > System > SQL Utility within the application UI and ensure the avuser schema is selected.
On-Premise Customers: Access the database directly using a tool such as sqlplus or SQLDeveloper and ensure the avuser schema is selected.
Procedure
To remove the collector manually, perform the following steps.
Run the following query and locate the associated ADC collector to identify the record.
SELECT * FROM t_oauth2_record WHERE CLIENT_ID = <Client_ID_Here> And TOKEN_URL = <Insert_URL_Here>;
From the results, identify the specific ID and respective token URL of the orphaned ADC collector to locate the client ID.
Run the following deletion command using the client ID and token URL identified in the previous step to delete the record.
DELETE FROM t_oauth2_record WHERE CLIENT_ID = <Client_ID_Here> And TOKEN_URL = <Insert_URL_Here>;
Run the following query to commit the changes.
DELETE FROM t_oauth2_record WHERE CLIENT_ID = 'glAdminClientId' and token_url='https://voyager-karma-gp8-ngx.auth-dev.securid.com/oauth/token';
Note: In the preceding query, replace <Client_ID_Here> and <Insert_URL_Here> with the actual client ID and token URL found in Step 2.
Related Articles
RADIUSwith CAS Configuration - Thycotic Secret Server 10.6 - RSA Ready SecurID Access Implementation Guide 20Number of Views RSA Authentication Manager 8.5 Azure Virtual Appliance Getting Started 8Number of Views RADIUSwith CAS Configuration - Cisco FTD RSA Ready SecurID Access Implementation Guide 32Number of Views Announcing the January 2022 Release of SecurID 22Number of Views Specops Software uReset - SecurID Authentication API with AM Configuration - RSA Ready SecurID Access Implementation Guide 13Number of Views
Trending Articles
RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.8 Setup and Configuration Guide How to manipulate imported RSA SecurID Software Token(s) on an iPhone or iPad device RSA Authentication Manager 8.9 Setup and Configuration Guide Authentication Manager Supported Hardware and Upgrade Paths