AnsweredAssumed Answered

Expose RSA User Access Review to a Third Party App/Website

Question asked by Muzammil K on May 5, 2020
Latest reply on May 7, 2020 by Gunpreet Singh

Like • Show 0 Likes0
Comment • 5

Dear Fellow Experts,

Trust everyone is safe and healthy.

We have a requirement where the customer wants to have the user access review within their own app (Third party app). So the user would log into their third party app, see all the review items and then maintain/revoke it from their instead of users logging into the RSA IGL Web portal.

Would like to check the feasibility of this, whether it’s possible and if yes, how may I achieve this? May be through APIs or DB views?

Also, is it advisable to expose DB views to third party applications?

No one else has this question

Outcomes

5 Replies

Ian Staines May 5, 2020 12:09 PM
Mark Correct
Correct Answer
I do not think this is feasible.

The Web Services does have API commands for reviews. (see updateReviewItems) I do not think it would be feasible to write an entire application to do reviews externally.

You may not expose DB views to a third party application especially for write action.

1 person found this helpful
Like • Show 1 Like1
Actions
Najeeb Peracha May 5, 2020 12:34 PM
Mark Correct
Correct Answer
It may be possible, depending on your requirements. See the March 2020 IGL Webinar recording where an RSA partner Securience presented a similar solution (Securience Access Anywhere - Implementation Blueprint):

RSA Identity Governance & Lifecycle Huddle #8 - March 2020: Recording and Presentation

(CC: Jamie Pryer)
2 people found this helpful
Like • Show 2 Likes2
Actions
- Jamie Pryer @ Najeeb Peracha on May 6, 2020 10:19 AM
  Mark Correct
  Correct Answer
  Thanks Najeeb - adding Mike Sims
  Like • Show 1 Like1
  Actions
Mike Sims May 6, 2020 10:48 AM
Mark Correct
Correct Answer
Hi Muzammil,

As previously mentioned there are several reasons this might not be feasible out of the box. However, as Najeeb mentioned above, we presented a solution for this exact scenario. Our solution comprised of a local agent to integrate with RSA and a mobile gateway to service requests from external clients (we also supply a mobile app to make use of this). If the customer wants to integrate into their own app we can supply API docs as part of an SDK in order to do so.

The main benefits:
- No credentials are parsed outside the domain (mobile app is password-less as it is securely registered to an individual)
- Step up authentication uses biometrics to perform privileged actions such as approvals, submitting review items etc
- Added risk based decisions based on geo-location
- Quick to deploy as the agent polls the external gateway, therefore no need for dangerous ports being opened to let external traffic into your domain
- No identity information ever leaves the domain, the gateway is simply a proxy for review/request decisions

Regards,

Mike
3 people found this helpful
Like • Show 2 Likes2
Actions
- Gunpreet Singh @ Mike Sims on May 7, 2020 3:11 AM
  Mark Correct
  Correct Answer
  Thanks Mike for the detailed info, the app looks quite good & beneficial for customers looking for performing Access Reviews on a mobile platform.
  
  Jamie Pryer, we have a similar requirement for one of our clients. Plz let me know how we can take this forward?
  
  Thanks,
  Gunpreet
  Like • Show 0 Likes0
  Actions