SecurID® Governance & Lifecycle Blog


Web Services: Improved Security

SeanMiller1

Recent changes to web services have reorganized how they are laid out and configured in the user interface.

 

All the available commands are now organized into several tabs labeled by category:

  • Admin - Commands related to the admin functionality of RSA Identity Governance and Lifecycle (IGL)
  • Collection - Commands used to run various types of collections, check the status of a run, or delete a pending run
  • Information - Commands for finding different types of objects in IGL (accounts, applications, business units, change requests, data resources, directories, entitlements, reviews, roles, role sets, groups, users, etc.)
  • Request - Commands related to submitting a request or handling the processing of work items
  • Review - Commands to run a review, update the state of items, or refresh the review
  • Rules - Used to handle the processing of rules

 

The Settings tab, which is the first tab the user sees, provides a high-level switch to toggle web services on and off. The list of IP addresses that can be referenced from commands is also configured on this page, along with the import directory where some commands look for content.

 

All the other tabs list the available commands in a table format.  A user can click on the Click for Details link for a particular command to expand the content and view details about how to use the command.  The new table includes a security column that uses icons to represent the current security settings for the command, and a Configure button to change the security.

 

The supported levels of security are:

  • From clients matching IP whitelist with a valid token (filter for the users to consider can optionally be set)
  • From any client with a valid token (filter for the users to consider can optionally be set)
  • Request Forms and Workflows (no token required)
  • Open (no token required)

 

Note: A user can only change the security for a particular command to be stronger than the default out-of-the-box security setting.

 

Here is a video that presents these new features:

 

Lastly, a token can now be passed to the web service in a more secure manner than as a parameter on the URL. Instead, you can pass the token in a request header as a bearer token. To do this, set the Authorization header to the value Bearer <token>
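
An added example, not from the original post or the product: a local stand-in server records each request line the way an access log would, showing that a token sent as a URL parameter ends up in the log while a bearer token in the Authorization header does not. The path /example/command, the parameter name token and the token value are assumptions made for this demo.

```python
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN = "constructed-sample-token-123"  # constructed value, not a real token


class LoggingHandler(BaseHTTPRequestHandler):
    """Stand-in server: records the request line like an access log."""

    def do_GET(self):
        self.server.access_log.append(self.requestline)
        in_header = self.headers.get("Authorization", "") == f"Bearer {TOKEN}"
        in_url = f"token={TOKEN}" in self.path  # hypothetical parameter name
        self.send_response(200 if (in_header or in_url) else 401)
        self.end_headers()

    def log_message(self, *args):  # silence the default stderr logging
        pass


def run_demo():
    """Send the token both ways; return the statuses and the recorded log."""
    server = HTTPServer(("127.0.0.1", 0), LoggingHandler)
    server.access_log = []
    threading.Thread(target=server.serve_forever, daemon=True).start()
    # Ignore any proxy settings so the requests stay on the loopback interface.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    base = f"http://127.0.0.1:{server.server_port}/example/command?cmd=demo"
    try:
        # Token as a URL parameter: it becomes part of the request line.
        with opener.open(f"{base}&token={TOKEN}") as resp:
            url_status = resp.status
        # Token as a bearer token in the Authorization header.
        req = urllib.request.Request(
            base, headers={"Authorization": f"Bearer {TOKEN}"})
        with opener.open(req) as resp:
            header_status = resp.status
    finally:
        server.shutdown()
        server.server_close()
    return (url_status, header_status), server.access_log


if __name__ == "__main__":
    statuses, log = run_demo()
    for line in log:
        print("LEAKED " if TOKEN in line else "clean  ", line)
```

The same request line is what proxies, browser history and server access logs typically retain, which is why existing logs are worth searching for tokens sent the old way.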
