This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SecurID® Governance & Lifecycle Blog

Subscribe to the official SecurID Governance & Lifecycle community blog for information about new product features, industry insights, best practices, and more.

Web Services: Improved Security

SeanMiller1
Moderator Moderator
Moderator
5 2 259
‎2019-12-17 09:28 AM

With recent changes to web services we have changed how the web services are organized and configured in the user interface. 

 

All the available commands are now organized into several tabs labeled by category:

  • Admin - Commands related to the admin functionality of RSA Identity Governance and Lifecycle (IGL)
  • Collection - Commands used to run various types of collections, check the status of a run, or delete a pending run
  • Information - Find related commands to search for different types of objects in IGL (accounts, applications, business units, change requests, data resources, directories, entitlements, reviews, roles, role sets, groups, users, etc.)
  • Request - Commands related to submitting a request or handling the processing of work items
  • Review - Commands related to reviews to run a review, update the state of items, or refresh the review
  • Rules - Used to handle the processing of rules

 

The settings tab, which is the first tab the user sees, provides a high level ability to toggle web services on and off.  The list of IP addresses that can be referenced from commands is also configured on this page along with the import directory where some commands look for content.

 

All the other tabs list the available commands in a table format.  A user can click on the Click for Details link for a particular command to expand the content and view details about how to use the command.  The new table includes a security column that uses icons to represent the current security settings for the command, and a Configure button to change the security.

 

The supported levels of security are:

  • From clients matching IP whitelist with a valid token (filter for the users to consider can optionally be set)
  • From any client with a valid token (filter for the users to consider can optionally be set)
  • Request Forms and Workflows (no token required)
  • Open (no token required)

 

Note: A user can only change the security for a particular command to be stronger than the default out of the box security setting.

 

Here is a video that presents these new features:

(view in My Videos)

 

Lastly, a token can be passed now to the web service in a more secure manner than on the url as a parameter.  Instead, you can pass the token in as a request header as a bearer token.  To do this, set the Authorization header with the value Bearer <token>

Labels
2 Comments
© 2023 RSA Security LLC or its affiliates. All rights reserved.