To create the agent, follow the steps in the Installation and Administration Guide for your agent.
Setting the agent as either restricted or unrestricted happens when you add the agent to the deployment through the Security Console.
- First add the agent to the deployment as a restricted agent (Access > Authentication Agents > Add New).
- Next, generate and download the configuration files (Access > Authentication Agents > Generate Configuration File > Generate Config File > Download Now).
- Copy the AM_Config.zip, containing the sdconf.rec file and the failover.dat file, to each agent you are configuring.
- Set up user groups (Identity > User Groups > Add New).
- Allow user group access to the new restricted agent. Open the restricted agent (Access > Authentication Agents > Manage Existing). Select the agent(s) to which you want to grant access.
- Select Grant Access to User Groups and click Go.
- Use the search options to select the user group(s) to which you want to grant access.
You can learn about creating restricted and unrestricted agents through the online help in the RSA Authentication Manager Security Console. Search for Configuring a Restricted Agent to Control User Access for more information.
By default, all agents are initially created as unrestricted agents.
Once we decide to configure more refined or locked-down access to a particular agent based on user groups, the agent becomes a restricted agent by granting access to user groups from the Security Console.
The user groups can be either groups created within the Security Console, which are stored locally in the internal database, or groups referenced from an external identity source such as Microsoft Active Directory, whose DN is defined when the identity source is created from the Operations Console (Group Base DN).