Disconnect or Delete an Identity Router

You can take an identity router offline by disconnecting or deleting it. Both operations can prevent users from authenticating through SecurID.

Note: Perform these operations only when directed by SecurID Customer Support.

| Action | Description |
| --- | --- |
| Disconnect an Identity Router | Disconnecting can prevent users from authenticating. A disconnected identity router can be reconnected. |
| Delete an Identity Router | If you need to scale down or restructure your SecurID deployment, you can delete one or more identity routers from the deployment. This involves deleting the identity router record from the Cloud Administration Console and uninstalling the identity router virtual appliance. |

Note: These instructions apply to identity routers that are deployed as VMware or Hyper-V virtual appliances or are in the Amazon Web Services cloud. If your identity router is embedded in SecurID Authentication Manager, see Remove the Embedded Identity Router from SecurID Authentication Manager.

Disconnect an Identity Router

Procedure

  1. Open a web browser and do one of the following:
    • For Amazon cloud-based identity routers, go to https://<identityrouterIP>:9786/setup.jsp, where <identityrouterIP> is the private IP address of the identity router.
    • For VMware and Hyper-V identity routers, go to https://<identityrouterIP>/setup.jsp, where <identityrouterIP> is the IP address of the identity router management interface.
  2. Sign in to the Identity Router Setup Console, and click Connect Authentication Service.
  3. Scroll to the bottom of the page, and click Disconnect.
  4. On the confirmation dialog, click OK to disconnect the identity router from the Cloud Authentication Service.
    After you disconnect the identity router, the Cloud Administration Console displays its status as Distressed.

Delete an Identity Router

After you delete an identity router, the following events occur:
  • The Cloud Authentication Service can no longer communicate with the associated identity router virtual appliance to monitor status, publish configuration settings, or provide updates.

  • The identity router can no longer connect the Cloud Authentication Service to any configured enterprise resources, such as LDAP directory servers and SecurID Authentication Manager.

Deleting the records for an identity router prevents the associated virtual appliance from functioning, but does not uninstall the virtual appliance itself. You must manually uninstall each identity router virtual appliance after you delete the associated records from the administration consoles.

Procedure

  1. If a load balancer directs traffic to the identity router, remove the identity router from the load balancer configuration.
  2. If a monitoring service reports the status of the identity router, remove the identity router from the monitoring service configuration.
  3. Do the following to delete the identity router record from the Cloud Administration Console:
    1. In the Cloud Administration Console, click Platform > Identity Routers.
    2. Select Delete from the drop-down menu to the right of the identity router.
    3. Click Delete to confirm deletion of the identity router.
    4. Click Publish Changes to apply the configuration settings to the remaining identity routers in the deployment.
    The Cloud Administration Console removes the deleted identity router from the status display.
  4. Uninstall the associated identity router virtual appliance from your environment using your VMware administration client or Hyper-V Manager. If the identity router is embedded in your SecurID Authentication Manager server, use the Security Console to delete it.