Configure settings to identify your company and provide Secure Sockets Layer (SSL) private keys and certificates to protect the RSA SecurID Access Application Portal.
Configure settings that affect your entire deployment. These settings include:
Configure secure Sockets Layer (SSL) private keys and certificates to protect the RSA SecurID Access Application Portal.
Define a Protected Domain Name for SSO Agent deployments.
Disable or re-enable the following settings:
Just-in-time synchronization for all identity sources.
Data collection for identity confidence and location.
Note:The Company Information page displays the Customer Support ID, which is required when you register with RSA Customer Support.
Certificates are required in either of the following situations:
The SSO Agent is enabled on the identity router.
The Cloud Authentication Service is integrated with RSA Authentication Manager to allow users to access RSA SecurID-protected resources using Authenticate Tokencodes, regardless of whether the SSO Agent is enabled or disabled.
Before you begin
You must be a Super Admin for the Cloud Authentication Service.
Complete the "Plan" section in your Quick Setup Guide. Plan the protected domain name carefully. Once added, it is difficult to change. See Protected Domain Name for details and examples. This name is not required for deployments that do not use the SSO Agent.
Obtain the private key, public certificate, and certificate chain required to configure SSL protection for the RSA SecurID Access Application Portal, or for the RSA Authentication Manager integration that allows users to access RSA SecurID-protected resources using Authenticate Tokencodes. In RSA Authentication Manager, this certificate chain (root certificate plus optional Certificate Authority certificates) is identified in the Operations Console as the identity router root certificate. For more information, see Cloud Authentication Service Certificates.
In the Cloud Administration Console, click My Account > Company Settings and select the Company Information tab.
In the Protected Domain Name field, enter the Protected Domain Name value from your Quick Setup Guide. This is a unique domain name for your deployment, such as sso.example.com. Deployments that use the SSO Agent must have a protected domain name in order to publish changes to the identity router.
Upload the following files:
The Private Key that matches the public certificate. Ensure that the private key is not password protected.
The Public Certificate that was issued from the certificate authority (CA) for your domain.
The Certificate Chain that was provided by the CA, which is valid for your public certificate.
In the Company ID field, enter the Company ID that users provide when registering the RSA SecurID Authenticate app on their devices. The first time you sign in to the Cloud Administration Console and access your account information, this field is preconfigured. Edit this field to your company specifications. Do not exceed 255 characters. Use only alphanumeric characters with no spaces. This value must be unique across all RSA customers.
Note:If you change the Company ID, you must instruct users to provide the new value when registering the RSA SecurID Authenticate. Devices that are already registered are not affected.
Just-in-Time Synchronization ensures that identity sources are updated in the Cloud Authentication Service every time a user registers a device or authenticates. New users are also added to the identity sources during just-in-time synchronization. This is the preferred method for synchronizing users. You can enable or disable this feature. For more information, see Just-in-Time Synchronization.
When used in access policies, the Identity Confidence attribute allows RSA SecurID Access to establish high or low confidence in a user's identity based on data it has collected about the user over a period of time. RSA recommends that you leave data collection enabled. However, if required by your company, you can disable Identity Confidence Collection to prevent the Cloud Authentication Service from collecting this data from users during authentication. Do not use the Identity Confidence attribute in access policies when this field is disabled. For more information, see Identity Confidence .
Note:The identity confidence attribute requires location data collection to be enabled to provide the most accurate results.
By default, RSA SecurID Access collects location data from users using HTML5 geolocation. This data is used by the Trusted Location, Identity Confidence, and Country attributes to evaluate users' authentication requirements when they try to access protected resources. RSA recommends that you leave data collection enabled. However, if required by your company, you can disable Location Collection during authentication.
Note:When disabled, do not use the Trusted Location in access policies and be aware that the location calculations for the Country and Identity Confidence attributes are less accurate.
By default, the Cloud Authentication Service prompts users to click Remember This Browser during authentication. Disabling the prompt has the following impact:
Users are never prompted to click Remember This Browser during authentication.
The Cloud Authentication Service ignores the Known Browser attribute in access policies and always assumes the browser is unknown, even if it was previously "known."
Note:If you disable this prompt, you should also remove the Known Browser attribute from access policies.