This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

RSA® Authentication Manager Documentation

Browse the official RSA Authentication Manager documentation for helpful tutorials, step-by-step instructions, and other valuable resources.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Versions
Collections
All Downloads

Table of Contents

Product Resources

Deploying an Authentication Agent That Uses the REST Protocol

Before an authentication agent can communicate with RSA Authentication Manager, you must deploy the agent.

An authentication agent that uses the REST protocol securely passes user authentication requests to and from the RSA SecurID Authentication API. Unlike authentication that use the UDP protocol, authentication agents that use the RSA SecurID Authentication API do not require or use a node secret or the Authentication Manager configuration file sdconf.rec.

Before a REST-based authentication agent can communicate with RSA SecurID Authentication API, you must deploy the agent.

Before you begin 

  • Configure the RSA SecurID Authentication API for Authentication Agents.

  • Determine whether the authentication agent is restricted or unrestricted:

    • Unrestricted agents. Unrestricted agents process all authentication requests from all users in the same deployment as the agent.

      However, to allow a user to authenticate with a logon alias, the user must belong to a user group that is associated with the logon alias and that is enabled on the unrestricted agent.

    • Restricted agents. Restricted agents process authentication requests only from users who are members of user groups that have been granted access to the agent.

      Users who are not members of a permitted user group cannot use the restricted agent to authenticate. Resources protected by restricted agents are considered to be more secure because they process requests only from a subset of users.

Procedure 

  1. In the Security Console, click Access > Authentication Agents > Add New.

  2. From the Security Domain drop-down menu, select the security domain to which you want to add the new agent.

  3. Under Authentication Agent Basics, do the following:

    1. For Hostname, enter a new hostname for the agent host or a logical name for the agent.

      If you entered a hostname, click Resolve IP. The IP address is automatically entered. If you enter a new name, the name must be unique.

    2. (Optional) In the IP Address field, enter the IP address of the agent.

      If you use an existing server name, this field is automatically populated and read-only. If no address is specified, UDP agents will use auto-registration to provide the address to the server.

    3. (Optional) In the Alternate IP Addresses field, enter alternate IP addresses for the agent.

      You enter alternate IP addresses if the agent has more than one network interface card, or is located behind a static network address translation (NAT) firewall.

      If you use an existing server name, this field is automatically populated and read-only.

  4. (Optional) Under Authentication Agent Attributes, you can select the following options:

    • To specify the type of agent, select the type from the Agent Type list.

      If the agent is a web agent, select Web Agent, otherwise keep the default selection Standard Agent. The populated agent types are labels, there is no functional difference by choosing Web Agent or Standard Agent.

    • To disable the agent, select Agent is disabled.

      You might select this option to stop access to a resource temporarily.

    • To add a restricted agent, select Allow access only to members of user groups who are granted access to this agent.

      Only users who are members of user groups that have permission to access a restricted agent can use this agent to authenticate. Any user can use an unrestricted agent to authenticate.

  5. If your authentication agent supports trusted realm authentication or risk-based authentication, you can select Enable Trusted Realm Authentication or Enable this agent for risk-based authentication. If your authentication agent does not support these features, then selecting or clearing these checkboxes has no effect on the agent.

  6. Click Save.

    Note:  If the hostname is not a fully qualified host name or the IP address is not specified, a Confirmation Required dialog, summarizing the hostname and the IP address is displayed. Here, you can either edit the agent details or save the agent information.

 

 

Related Concepts

Operating System Access

RSA Authentication Agents

Related Tasks

Generate an HMAC for Authentication Agents

Configure the RSA SecurID Authentication API for Authentication Agents

 

 

 

You are here
Table of Contents > RSA SecurID Authentication API for Authentication Agents > Deploying an Authentication Agent that Uses the REST Protocol
Labels (2)
0 Likes
Was this article helpful? Yes No
No ratings
© 2023 RSA Security LLC or its affiliates. All rights reserved.