Radiant Logic RadiantOne FID 7.3.12 - Identity Source with CAS Configuration - SecurID Access Implementation Guide
Originally Published: 2021-09-28

This section describes how to integrate Radiant Logic RadiantOne FID HDAP Store with SecurID Access Cloud Authentication Service as an identity source.

Architecture Diagram

[Figure: architecture diagram]

Configure Radiant Logic RadiantOne FID

Follow the steps below to enable paged results, get the user base DN for the sample data in the HDAP Store, and export the default server SSL certificate included with RadiantOne FID, which is required to establish a secure LDAP connection.

Procedure

1. Log on to the RadiantOne Main Control Panel as directory administrator.

2. Go to Settings > Server Front End > Supported Controls, select Enable paged results, and click Save.

3. Click the Directory Browser tab, browse to o=companydirectory (HDAP store), and note down the DN of any of the sample OUs, for example "ou=Accounting,o=companydirectory".

4. Click vds_server on the Main Control Panel bar to open the Server Control Panel.

5. On the Server Control Panel, click the Settings tab, then click the View button to view the server certificate.

6. In the Certificate Details window, click the Save to File button and save the certificate to a file.

Configure SecurID Access Cloud Authentication Service

Follow the steps below to add the RadiantOne FID HDAP Store as an identity source to SecurID Access Cloud Authentication Service (CAS).

1. Log in to the SecurID Access Administration Console.

2. Navigate to Users > Identity Sources.

3. Click on Add an Identity Source.

4. For New Identity Source type, select LDAP.

5. For Identity Source Details, under the Basic Information section, enter a name in the Identity Source Name field.

6. Under the Connection Settings section:

  • For Root, enter the DN of the sample OU obtained in step 3 of the previous section.
  • For User Tag (SSO Agent Only), enter UID.

7. Under Directory Servers, click ADD.

8. In the Directory Server window, specify the following, then click Save.

  • Server - enter either the IP address or the hostname of the FID directory server.
  • Port - 636.
  • Cluster - select the cluster in which this identity source is configured.
  • Username - Directory Administrator name.
  • Password - Directory Administrator password.

9. Under the SSL/TLS Certificates (optional) section, select the checkboxes for both Use SSL/TLS encryption to connect to the directory servers and Allow Users to Change Passwords, then click Add.

10. Browse to and upload the certificate obtained in step 6 of the previous section, and make sure the certificate is added successfully.

11. Under Directory Servers, click on Test Connection option.

12. Make sure the Test Connection is successful and directory attributes are displayed under Results, then click Close.

13. Click Next Step.

14. Under the User Attributes section, click Refresh Attributes.

15. Enable Synchronize the selected policy attributes with the Cloud Authentication Service, then select the Policies and Apps check boxes for the attributes that need to be synchronized with the Cloud Authentication Service.

16. Then click Next Step.

17. Under the Synchronize User Attributes section, specify the following, then click Save and Finish.

  • First Name: givenname
  • Primary Username: uid
  • Last Name: sn
  • Primary Unique Identifier: entryDN
  • Email Address: mail
  • Secondary Unique Identifier: employeeNumber
  • User Account Status: nsAccountLock

Note: nsAccountLock must be set on the server manually by an administrator to lock the user account. During client-side password lockout, the pwdAccountLockedTime attribute is set for the user; it indicates the time at which the account was locked and is managed by the FID server. For more information, refer to the FID documentation.

18. Click on Publish Changes.

19. Under Identity Sources, for the FID directory Server, from the Edit drop-down, select Synchronization.

20. On the Synchronization Page, click Synchronize Now.

21. Wait for some time and click Refresh Status.

22. Make sure the synchronization is completed successfully and users are added.

23. Navigate to Users > Management.

24. Search for any user from the directory server and make sure the user information is displayed.

Configuration is complete.
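
The step 17 attribute mapping and the nsAccountLock / pwdAccountLockedTime note can be checked against an LDIF export of the sample OU before synchronizing. The Python below is an added example, not part of the original guide or of either vendor's tooling; the sample entries and the `parse_ldif` and `audit` helpers are constructed for illustration, and it assumes nsAccountLock holds the string value true when set.

```python
import base64

# Directory attributes from the step 17 mapping. entryDN is left out because
# it is an operational attribute and is often absent from a plain export.
MAPPED = ["givenname", "uid", "sn", "mail", "employeenumber"]

# Constructed sample export of ou=Accounting,o=companydirectory (not real data).
SAMPLE_LDIF = """\
dn: uid=bkim,ou=Accounting,o=companydirectory
uid: bkim
givenName:: Qm8=
sn: Kim
employeeNumber: 1002
nsAccountLock: true

dn: uid=cdiaz,ou=Accounting,o=companydirectory
uid: cdiaz
givenName: Cruz
sn: Diaz
mail: cdiaz@example.com
employeeNumber: 1003
pwdAccountLockedTime: 20210928101500Z
"""

def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attribute: [values]} entries."""
    entries = []
    for block in text.replace("\n ", "").strip().split("\n\n"):  # unfold lines
        entry = {}
        for line in block.splitlines():
            name, _, rest = line.partition(":")
            b64 = rest.startswith(":")  # "attr:: value" is base64-encoded
            value = base64.b64decode(rest[1:]).decode() if b64 else rest.strip()
            entry.setdefault(name.lower(), []).append(value)
        entries.append(entry)
    return entries

def audit(entries):
    """Map each DN to its missing mapped attributes and its lock state."""
    report = {}
    for e in entries:
        lock = "active"
        if e.get("nsaccountlock", [""])[0].lower() == "true":
            lock = "admin-locked"        # set manually by an administrator
        elif "pwdaccountlockedtime" in e:
            lock = "password-lockout"    # set and managed by the FID server
        missing = [a for a in MAPPED if not any(e.get(a, []))]
        report[e["dn"][0]] = {"missing": missing, "lock": lock}
    return report
```

Calling `audit(parse_ldif(SAMPLE_LDIF))` flags the first constructed entry as admin-locked with no mail value and the second as under password lockout with every mapped attribute present.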

 

Return to the main page for more certification-related information.