A new Registration Code and Registration URL is required if you need to re-register Authentication Manager with the Cloud Authentication Service. You must re-register for any of the following reasons:
You are configuring an embedded identity router.
You want to enable the high availability tokencode feature, and you are upgrading from an RSA Authentication Manager 8.4 deployment that is already connected to the Cloud Authentication Service.
The access policy that was used for the original connection has been replaced with a different access policy. The access policy is configured and selected in the Cloud Administration Console.
The access policy name that was used for the original connection has changed.
The RSA Authentication Manager API Key used for the original connection has been deleted from the Authentication API Keys page or the Administration API Key page in the Cloud Administration Console. This disconnects Authentication Manager from the Cloud Authentication Service.
You make changes to an HTTPS proxy server, and you need to connect to the Cloud Authentication Service again and accept a new certificate. You do not need to re-register if you configure or update the connection to a HTTP proxy server.
In the Security Console, click Setup > System Settings.
Click Cloud Authentication Service Configuration.
If Authentication Manager is behind an external firewall, you can configure a connection to a proxy server before connecting to the Cloud Authentication Service. For instructions, see Configure a Proxy Server.
To connect Authentication Manager to the Cloud Authentication Service, do the following:
Under Register Authentication Manager with the Cloud Authentication Service, copy and paste the Registration Code and the Registration URL from the Cloud Administration Console, or obtain this information from a Cloud Authentication Service Super Admin and manually enter it.
Click Connect to the Cloud Authentication Service.
A message indicates that the connection is established. The Cloud Authentication Service details are automatically updated and saved.
To enable users to authenticate to the Cloud Authentication Service, under Cloud Authentication Service Configuration, click Enable Cloud Authentication.
You can use RSA Authentication Manager as a secure proxy server that sends authentication requests directly to the Cloud Authentication Service.
To manually enable this feature, select the Send Multifactor Authentication Requests to the Cloud checkbox.
After you finish
If required by your deployment, add the Multifactor Authentication REST URL and the Help Desk Administration REST URL to a whitelist of URLs that Authentication Manager is allowed to access.
Other URLs are as follows.
Static or Dynamic
Requesting a Cloud Authentication Service Account
Based on your region:
Embedded identity router
The connection information varies. You can use a wildcard:
For any administrator who needs to manage Cloud Authentication Service users in the Authentication Manager User Dashboard, you must have selected Manage Cloud Authentication Service Users on the General Permissions tab. For more information, see Edit Permissions for an Administrative Role.