Authentication Agent Instance
An agent instance is a record that is created when an authentication agent (UDP agent or other agent) exchanges a user-authentication request with Authentication Manager. A single agent can have multiple agent instances, and each agent instance is always associated with an authentication agent. To uniquely identify an instance, you can use the agent ID and/or software ID. An agent instance contains information such as the agent ID, software identifier, hostname, last authenticated time and IP address, platform, certificate status, and so on. Authentication Manager stores the agent details in its internal database.
Note: While the instances of MFA agents may contain all the details, the legacy agents (UDP-based agents) may contain only the agent ID/name and the last authenticated time.
Agent Instance Certificate
An agent instance certificate establishes trust between an agent instance and the Authentication Manager server. A client or an agent needs a signed certificate from the Authentication Manager server to support the Windows Password Integration API. During an MFA API call, Authentication Manager uses this certificate to validate and authenticate a client.
An administrator can manage the agent instance certificates as follows:
Note: Deleting an authentication agent deletes all the instances associated with it.
View Agent Instances
You can view the instances of all types of agents, such as Web agents, standard agents, and RADIUS agents.
Procedure
- In the Security Console, click Access > Authentication Agents > Manage Existing.
- Click the Restricted or Unrestricted tab, depending on whether the agent that you want to search for is restricted or unrestricted.
- In the Search Criteria pane, use the search fields to find agents matching your search criteria.
- From the search results, click an agent and then select Agent Instances from the context menu.
Delete an authentication agent instance
You can delete an agent instance when it is no longer needed. When an agent instance is deleted, the signed certificate associated with it is also deleted and moved to the revoked certificate list.
Procedure
- In the Security Console, click Access > Authentication Agents > Manage Existing.
- Click the Restricted or Unrestricted tab, depending on whether the agent that you want to search for is restricted or unrestricted.
- In the Search Criteria pane, use the search fields to find the agents matching your search criteria.
- To view the instances of an agent, click the agent and then click Agent Instances from the context menu.
- Do one of the following:
  - To delete a specific instance, select the agent instance or software identifier that you want to delete, and then click Delete from the action menu.
  - To delete multiple instances, select multiple agent instances or software identifiers, and then click Delete from the action menu.
Clear an authentication agent instance certificate
An administrator can clear certificates issued to authentication agents.
Procedure
- In the Security Console, click Access > Authentication Agents > Manage Existing.
- Click the Restricted or Unrestricted tab, depending on whether the agent that you want to search for is restricted or unrestricted.
- In the Search Criteria pane, use the search fields to find the agent matching your search criteria.
- To view the instances of an agent, click the agent and then click Agent Instances from the context menu.
- To clear certificates, do one of the following:
  - To clear a certificate from a specific instance, click the agent instance, and then click Clear Certificate from the context menu.
  - To clear certificates for multiple instances, select multiple agent instances, and then click Clear Certificate from the context menu.
Revoke an authentication agent instance certificate
When a certificate is compromised and needs to be revoked for security reasons, an administrator can revoke the issued certificates. The revoked certificate will be added to the revoked certificates list automatically.
Procedure
- In the Security Console, click Access > Authentication Agents > Manage Existing.
- Click the Restricted or Unrestricted tab, depending on whether the agent that you want to search for is restricted or unrestricted.
- In the Search Criteria pane, use the search fields to find the agent matching your search criteria.
- To view the instances of an agent, click the agent and then click Agent Instances.
- Click the agent instance or software identifier that you want to revoke, and then click Revoke Certificate.
Note: A revoked certificate is added to the revoked certificates list and is indicated by a green tick in the Certificate Revoked column.