Configure Company Information and Certificates

Configure settings that affect your entire deployment. These settings include:

  • Configure Secure Sockets Layer (SSL) private keys and certificates to protect the SecurID Access Application Portal.

  • Define a Protected Domain Name for SSO Agent deployments.

  • Disable or re-enable the following settings:
    • Just-in-time synchronization for all identity sources.

    • Data collection for identity confidence and location.

    • The Remember This Browser prompt during authentication.

Note: The Company Information page displays the Customer Support ID, which is required when you register with SecurID Customer Support.

Certificate Requirements

Certificates are required in either of the following situations:

  • The SSO Agent is enabled on the identity router.

  • The Cloud Authentication Service is integrated with SecurID Authentication Manager 8.4 Patch 3 or earlier.

Before you begin

  • You must be a Super Admin for the Cloud Authentication Service.
  • Complete the "Plan" section in your Quick Setup Guide. Plan the protected domain name carefully. Once added, it is difficult to change. See Protected Domain Name for details and examples. This name is not required for deployments that do not use the SSO Agent.

  • Obtain the private key, public certificate, and certificate chain required to configure SSL protection for the SecurID Application Portal, or for the SecurID Authentication Manager integration that allows users to access SecurID-protected resources using Authenticate Tokencodes. In SecurID Authentication Manager, this certificate chain (root certificate plus optional Certificate Authority certificates) is identified in the Operations Console as the identity router root certificate. For more information, see Cloud Authentication Service Certificates.

Procedure

  1. In the Cloud Administration Console, click My Account > Company Settings and select the Company Information tab.

  2. In the Protected Domain Name field, enter the Protected Domain Name value from your Quick Setup Guide. This is a unique domain name for your deployment, such as sso.example.com. Deployments that use the SSO Agent must have a protected domain name in order to publish changes to the identity router.

  3. Upload the following files:
    • The Private Key that matches the public certificate. Ensure that the private key is not password protected.

    • The Public Certificate that was issued from the certificate authority (CA) for your domain.

    • The Certificate Chain that was provided by the CA, which is valid for your public certificate.

  4. In the Company Site ID field, enter the Company ID that users provide when registering the SecurID Authenticate app on their devices. The first time you sign in to the Cloud Administration Console and access your account information, this field is preconfigured. Edit this field to your company specifications.
    Do not exceed 255 characters. Use only alphanumeric characters with no spaces. This value must be unique across all SecurID customers.

    Note: If you change the Company Site ID, you must instruct users to provide the new value when registering the SecurID Authenticate app. Devices that are already registered are not affected.

  5. Just-in-Time Synchronization ensures that identity sources are updated in the Cloud Authentication Service every time a user registers a device or authenticates. New users are also added to the identity sources during just-in-time synchronization. This is the preferred method for synchronizing users. For more information, see Just-in-Time Synchronization.

    Note: Just-in-time synchronization is enabled by default and you can still disable it temporarily at this time. Keep in mind that within several weeks, this setting will be permanently enabled and not configurable. If you need this setting to be disabled permanently, contact SecurID Customer Support.

  6. When used in access policies, the Identity Confidence attribute allows SecurID to establish high or low confidence in a user's identity based on data it has collected about the user over a period of time. SecurID recommends that you leave data collection enabled. However, if required by your company, you can disable Identity Confidence Collection to prevent the Cloud Authentication Service from collecting this data from users during authentication. Do not use the Identity Confidence attribute in access policies when this field is disabled. For more information, see Identity Confidence.

    Note: The identity confidence attribute requires location data collection to be enabled to provide the most accurate results.

  7. By default, SecurID collects location data from users using HTML5 geolocation. This data is used by the Trusted Location, Identity Confidence, and Country attributes to evaluate users' authentication requirements when they try to access protected resources. SecurID recommends that you leave data collection enabled. However, if required by your company, you can disable Location Collection during authentication.

    Note: When Location Collection is disabled, do not use the Trusted Location attribute in access policies, and be aware that the location calculations for the Country and Identity Confidence attributes are less accurate.

  8. By default, the Cloud Authentication Service prompts users to click Remember This Browser during authentication. Disabling the prompt has the following impact:

    • Users are never prompted to click Remember This Browser during authentication.

    • The Cloud Authentication Service ignores the Known Browser attribute in access policies and always assumes the browser is unknown, even if it was previously "known."

      Note: If you disable this prompt, you should also remove the Known Browser attribute from access policies.

  9. Click Save Settings.
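
Before uploading the files in step 3, you can confirm locally that they meet the stated requirements: the private key is not password protected, it matches the public certificate, and the certificate chain is valid for that certificate. The script below is an added example, not SecurID tooling; it assumes PEM-encoded files and the openssl command line, and the function names and file names are illustrative.

```shell
#!/bin/sh
# Added example: pre-upload checks for the three files in step 3.
# Uses only the openssl CLI; file paths are supplied by the caller.

# 0 if the PEM private key is not password protected.
key_is_unencrypted() {
    # Encrypted PEM keys carry one of these markers.
    if grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"; then
        return 1
    fi
    # Must also parse as a key; the empty passphrase prevents a prompt.
    openssl pkey -in "$1" -noout -passin pass: >/dev/null 2>&1
}

# 0 if the private key and the certificate hold the same public key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null)
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# 0 if the certificate verifies against the CA chain file
# (root certificate plus any intermediate CA certificates).
chain_validates_cert() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Run all three checks, report each result, return non-zero on any failure.
check_upload_set() {
    rc=0
    if key_is_unencrypted "$1"; then echo "OK   private key is not password protected"
    else echo "FAIL private key is encrypted or unreadable"; rc=1; fi
    if key_matches_cert "$1" "$2"; then echo "OK   private key matches public certificate"
    else echo "FAIL private key does not match public certificate"; rc=1; fi
    if chain_validates_cert "$3" "$2"; then echo "OK   certificate chain validates public certificate"
    else echo "FAIL certificate chain does not validate public certificate"; rc=1; fi
    return "$rc"
}

# Usage: sh check_upload.sh private.key public.pem chain.pem
if [ "$#" -eq 3 ]; then check_upload_set "$@"; fi
```

Because the uploaded private key is stored without a passphrase, keep the local copy in a directory readable only by the administrator performing the upload.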