This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA® Identity Governance & Lifecycle Discussions

Discussions about RSA Identity Governance & Lifecycle.
shaktinayak
Beginner
Beginner
‎2018-01-29 09:50 AM

Authentication for service Accounts in Aveksa

I want to create a local account in Aveksa, similar to AveksaAdmin but with least privileges  and to use default Aveksa Authentication, mainly to by pass SSO.

I have followed the steps in the below link

 

Authentication Sources - Web Services 

How to create local-account in aveksa (other than AveksaAdmin) to bypass SSO 

 

  1. Created a trusted source system using a csv to store service account and password.
  2. Added the aveksa priveleges to call the webservices
  3. But the next step tells to add the trusted source system as an authentication source but i can only see 3 types of authentiction sources present LDAP/AD or SSO. or TestProvider

 

How do i "Add the trusted source system as an authentication source".

 

pastedImage_1.png

Labels (1)
Labels
0 Likes
Reply
6 Replies
shaktinayak
Beginner
Beginner
‎2018-01-31 10:44 AM

Any suggestions ?

0 Likes
Reply
PradeepKadambar
Moderator Moderator
Moderator
In response to shaktinayak
‎2018-01-31 10:50 AM

LDAP is the only source (for direct bind) supported.

 

You should create the service account in AD in specific OU and collect them as identities. You can configure an AD auth source.

Reply
shaktinayak
Beginner
Beginner
In response to PradeepKadambar
‎2018-01-31 10:59 AM

I was referring to the below discussion:-

https://community.rsa.com/thread/189203 

My requirement is to have some local accounts who can authenticate in Aveksa like Aveksa Admin

I would like some clarity on the below.

 

"Create the service account in a trusted source system. This could a directory, a database or even a CSV file if you adequately secure the file. Add the service account with a secure password to the trusted source. Collect the service account into Aveksa as an identity. Add the relevant Aveksa privileges to the user to be able to call the web services that are required. Add the trusted source system as an authentication source. When you login using the web service authenticate with the credentials in your source system. You only need to do this for web services that require authentication, some REST web services do not require an authentication token."

0 Likes
Reply
SunitaBhat
Beginner
Beginner
In response to shaktinayak
‎2018-02-12 01:08 PM

Use the TestProvider.

Your new user is coming from the CSV file.

Password would be what you give on the UI after selecting the TestProvider.

0 Likes
Reply
shaktinayak
Beginner
Beginner
In response to SunitaBhat
‎2018-02-14 09:20 AM

Thanks for the update.

But the TEST Provider leads to a default password for every account.

Which we don't want.

So looking for any alternative options.

0 Likes
Reply
SunitaBhat
Beginner
Beginner
In response to shaktinayak
‎2018-02-22 11:47 AM

That's true. In my use-case we wanted just two additional accounts so we created two such IDCs and gave different password for each. 

I will be interested too in any alternate solution.

0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.