Configure Identity Router Security Levels
Security levels determine the cipher requirements that the identity router enforces when connecting to users and components in your SecurID deployment. On the Platform > Certificates and Encryption > Encryption Settings page of the Cloud Administration Console, you can view cipher requirements for incoming and outgoing connections, and modify the security level for incoming and outgoing connections.
The default security level is High. When you select a security level, the new setting applies to all identity routers.
The security level you select for incoming connections must support at least one cipher that is compatible with the load balancers and web browsers that connect to the identity router. The security level you select for outgoing connections must support at least one cipher that is compatible with the web servers that the identity router connects to. For example, if a web browser used by your organization does not support any of the ciphers from the Medium level, but supports one of the additional ciphers available at the Low level, you can set the security level to Low to ensure compatibility with that browser. RSA recommends using the highest security level that supports the components you need to connect.
Before you begin
- You must be a Super Admin in the Cloud Administration Console.
- Determine the highest incoming security level that includes the ciphers necessary to communicate with all web browsers and load balancers in your deployment. For security level cipher requirements, see Security Levels and Identity Router Connection Ciphers.
Procedure
- In the Cloud Administration Console, click Platform > Certificates and Encryption > Encryption Settings.
- Enable the Strong Elliptic Curve Key Exchange option. When this option is enabled, the identity router (IDR) will use elliptic curves with 224 bits or higher for Transport Layer Security (TLS) key exchange in all incoming and outgoing connections.
- From the Security Level drop-down menu in the Incoming Connections section, select the security level to use for connections between browsers or load balancers and the identity router.
- From the Security Level drop-down menu in the Outgoing Connections section, select the security level to use for connections between the identity router and web servers for reverse proxy applications.
- Click Save Settings.
- (Optional) To apply the new settings immediately, click Publish Changes.
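The prerequisite of finding the highest level that every browser and load balancer can still negotiate can be worked out from an inventory, as in this added example (not RSA code). The cipher names, per-level lists and peer names are constructed placeholders; take the real lists from Security Levels and Identity Router Connection Ciphers.

```python
# Added example. Level names come from the page; everything else is a
# CONSTRUCTED placeholder and must be replaced with real inventory data.
LEVELS = ["High", "Medium", "Low"]  # strongest first

LEVEL_CIPHERS = {  # placeholder lists, not RSA's published cipher lists
    "High": {"EXAMPLE-CIPHER-A"},
    "Medium": {"EXAMPLE-CIPHER-A", "EXAMPLE-CIPHER-B"},
    "Low": {"EXAMPLE-CIPHER-A", "EXAMPLE-CIPHER-B", "EXAMPLE-CIPHER-C"},
}

INCOMING_PEERS = {  # hypothetical peers and the ciphers each one offers
    "corp-browser": {"EXAMPLE-CIPHER-A", "EXAMPLE-CIPHER-B"},
    "edge-load-balancer": {"EXAMPLE-CIPHER-B", "EXAMPLE-CIPHER-C"},
    "legacy-kiosk-browser": {"EXAMPLE-CIPHER-C"},
}


def blockers(level, peers, level_ciphers=LEVEL_CIPHERS):
    """Names of peers that share no cipher with the given level."""
    allowed = level_ciphers[level]
    return sorted(name for name, offered in peers.items()
                  if not (set(offered) & allowed))


def highest_compatible_level(peers, level_ciphers=LEVEL_CIPHERS):
    """Return (level, report).

    level  -- strongest level at which every peer has at least one usable
              cipher, or None if even the weakest level excludes a peer.
    report -- for each level tried, the peers that rule it out. These are
              the components to upgrade before the level can be raised.
    """
    report = {}
    for level in LEVELS:
        report[level] = blockers(level, peers, level_ciphers)
        if not report[level]:
            return level, report
    return None, report


if __name__ == "__main__":
    level, report = highest_compatible_level(INCOMING_PEERS)
    print("Highest compatible incoming level:", level)
    for name, excluded in report.items():
        print(f"  {name}: excluded peers = {excluded or 'none'}")
```

Run the same check against the web servers behind reverse proxy applications to choose the outgoing level.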