This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
Willougd
New Contributor
New Contributor
‎2023-04-07 11:46 AM

Using powershell to modify hardware tokens for users.

Jump to solution

Hi,  

I am completely new to RSA authentication manager integrations.  We would like to via RESTAPI or Powershell, to update / change / assignment of preloaded hardware tokens for end users.  

I believe the two classes below from the API documentation will do what I want, but the parameters don't make sense to me to get started. 

I've done RESTAPI calls and I enabled the API interface with the token.  I'm just missing a place to get started.

Class LinkTokensWithPrincipalCommand

Class UnlinkTokensFromPrincipalsCommand

Reply
1 Solution

Accepted Solutions
SeanDoyle
Trusted Contributor Trusted Contributor
Trusted Contributor
‎2023-04-12 11:49 AM

Jump to solution

the AM admin SDK is not a REST API. There is only a REST API for authentication.

There is a REST API for administration available from RSA Professional Services known as Prime which provides REST API middleware and API encapsulation of the AM admin SDK. The is not free and requires licensing and implementation support. 

In lieu of purchasing a Prime license and implementing it within your environment, your best option if you want to use Powershell is probably the AM SDK SOAP interface. This will take some work. Another alternative, still complicating but probably more doable would be to use the AM SDK Java API. All of these are in the AM Extras package.

View solution in original post

Reply
3 Replies
EricaChalfin
Moderator Moderator
Moderator
‎2023-04-12 08:37 AM

Jump to solution

@Willougd,

Welcome to the RSA community! We are glad you've joined us. Thank you for your questions about Authentication Manager. 

You say you are looking to use the REST API or PowerShell to update/change the assignment of hardware tokens for your end users. Can you be a bit more descriptive of what you are looking to accomplish?

Our MFA agents for macOS and for Windows use the Cloud Authentication Service and Authentication Manager to provide strong multifactor authentication (MFA) to users authenticating through agents, both online and offline. If you are looking to simplify the bulk administration of users, tokens and agents, consider implementing the RSA Authentication Manager 8.7 Bulk Administration Utility. Please note AMBA does require a standalone license, the Cloud Plus license, or the Cloud Premier license. You can discuss licensing with your RSA sales representative.

While PowerShell can be installed and run on Linux distros, we do not recommend installing any additional software on your Authentication Manager server.


Best regards,
Erica
0 Likes
Reply
Willougd
New Contributor
New Contributor
In response to EricaChalfin
‎2023-04-12 08:53 AM

Jump to solution

Hi @EricaChalfin 

Right now, if we want to change who a hardware token is assigned to, someone has to login to the AM appliance and change the assignment.

I would like to develop an API via powershell to change who a hardware token is assigned to.  I can do 99% of it myself, I'm just not sure where to begin.  I haven't found any starter code that describes the APIs or anything like that.  

0 Likes
Reply
SeanDoyle
Trusted Contributor Trusted Contributor
Trusted Contributor
‎2023-04-12 11:49 AM

Jump to solution

the AM admin SDK is not a REST API. There is only a REST API for authentication.

There is a REST API for administration available from RSA Professional Services known as Prime which provides REST API middleware and API encapsulation of the AM admin SDK. The is not free and requires licensing and implementation support. 

In lieu of purchasing a Prime license and implementing it within your environment, your best option if you want to use Powershell is probably the AM SDK SOAP interface. This will take some work. Another alternative, still complicating but probably more doable would be to use the AM SDK Java API. All of these are in the AM Extras package.

Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.