Configure RSA Authentication Manager as a Secure Proxy Server for the Cloud Authentication ServiceConfigure RSA Authentication Manager as a Secure Proxy Server for the Cloud Authentication Service
You can configure RSA Authentication Manager 8.7 SP1 to act as a secure proxy server for the Cloud Authentication Service. User authentication requests are automatically forwarded to the Cloud Authentication Service, and you can configure high availability, which allows authentication to continue when the Cloud Authentication Service or the connection is unavailable or too slow.
You may need to do additional configuration steps to use these features.
Procedure
- REST protocol authentication agents require credentials to securely access Authentication Manager. See Configure the SecurID Authentication API for Authentication Agents.
- Connect Authentication Manager to the Cloud Authentication Service.
For instructions, see the following:
- To connect with an embedded identity router, see Quick Setup - Connect RSA Authentication Manager to the Cloud Authentication Service with an Embedded Identity Router.
While connecting, select the Send Multifactor Authentication Requests to the Cloud checkbox.
- If you are using identity routers on other platforms in your on-premises network or in the Amazon Web Services cloud, see Connect RSA Authentication Manager to the Cloud Authentication Service.
After you establish the connection, use the Security Console to select the Send Multifactor Authentication Requests to the Cloud checkbox. See Edit the RSA Cloud Authentication Service Connection.
Note: To use High Availability Tokencode with this feature, you must connect again after upgrading from version 8.4 Patch 4 or later.
- To connect with an embedded identity router, see Quick Setup - Connect RSA Authentication Manager to the Cloud Authentication Service with an Embedded Identity Router.
- In the Cloud Administration Console, create an access policy for the authentication agents that are connected to the Cloud Authentication Service, or plan to use an existing access policy. For instructions, see Planning Resource Protection with Access Policies and Access Policies.
- Configure your authentication agents to use Authentication Manager to direct authentication requests to the Cloud Authentication Service. For instructions, see your agent documentation.
After you finish
- When RSA Authentication Manager cannot communicate with the Cloud Authentication Service, users can access SecurID protected resources with SecurID authentication and Authenticate Tokencode. Authentication Manager always validates SecurID authentication. Authentication Manager must download High Availability Tokencode records to prompt users for Authenticate Tokencode. See Configure High Availability Tokencodes.
- Some newer authentication agents can automatically download offline emergency access codes for users who access the authentication agent. Users can continue to authenticate if the connection to Authentication Manager or the Cloud Authentication Service is not available. For more information, see Emergency Tokencode.
- Authentication Manager automatically downloads offline data day files that some newer authentication agents can use for uninterrupted authentication to the Cloud Authentication Service. For instructions, see your authentication agent documentation.
