Configure Connection to Authentication Manager

Users can access cloud-protected resources using RSA authenticators managed in Authentication Manager (AM). The Identity Router (IDR) can use a REST-based MFA agent, rather than a TCP agent, to verify authentication with AM. As part of the transition to a REST agent, you can configure the connection to AM based on your current IDR environment and configuration state as follows:

  • If all IDRs are upgraded to version 12.24.0.0.0 or later and a TCP agent connection exists, both TCP and REST agent configuration options are available. In this case, it is recommended to reconfigure the connection using the REST agent option.

  • If one or more IDRs are not upgraded to version 12.24.0.0.0 or later and have an existing TCP agent connection, only the TCP agent configuration option is available. Therefore, upgrade the IDR to the latest version to enable transition to the REST agent.

  • If no IDR is present or there is no existing TCP agent connection, only the REST agent option is available.

Before you begin

Procedure 

  1. In the Cloud Administration Console, click Platform > Authentication Manager.
  2. Click Configure Connection.

  3. Based on your IDR environment, select the appropriate connection option and complete the required fields in the Configuration Settings dialog box:

  • REST Agent (recommended option)

    1. Authentication Agent Name: Enter the exact name your Authentication Manager (AM) administrator provides.

    2. Primary URL: Enter the URL in the format https://<AM_PRIMARY_INSTANCE_HOSTNAME>:PORT.

    3. Replica URL(s) (optional): Click Add to enter a secondary AM instance URL, if available.

    4. Access Key: Enter the access key your AM administrator provides.

    5. AM Root Certificate: Click Choose file and upload the certificate file from your AM administrator.

  • TCP Agent

    1. Authentication Agent Name: Enter the exact name your AM administrator provides.

    2. sdconf.rec File: Click Choose file and upload the file your AM administrator provides.

  4. Click Save to complete the configuration.

  5. Click Publish Changes.

    Note:  If you are running IDR 12.24.0.0.0 or later, and the existing AM connection is deleted, the TCP agent option will no longer be available. When you configure a new AM connection after this point, you can select only the REST agent option, and the TCP agent cannot be re-enabled.
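
A pre-flight check for the REST Agent fields in step 3, run before entering them in the console. This is an added example, not RSA code; the function names, sample hostnames, port and key are constructed, and it assumes the root certificate is supplied as a PEM file.

```python
import re
from urllib.parse import urlsplit

# Matches one PEM-armoured certificate; checks structure only, not validity.
PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def check_am_url(url):
    """Return problems with one AM URL against https://<HOSTNAME>:PORT."""
    try:
        parts = urlsplit(url)
        port = parts.port          # raises ValueError for a non-numeric port
    except ValueError:
        return ["host or port is not valid"]
    problems = []
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if not parts.hostname:
        problems.append("hostname missing")
    if port is None:
        problems.append("explicit port missing")
    if parts.username or parts.password:
        problems.append("credentials embedded in URL")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        problems.append("only scheme, host and port are expected")
    return problems

def check_rest_agent(name, primary, replicas, access_key, cert_text):
    """Return {field: [problems]} for the REST Agent fields; empty dict = OK."""
    findings = {}
    if not name or name != name.strip():
        findings["Authentication Agent Name"] = ["empty or padded with whitespace"]
    if check_am_url(primary):
        findings["Primary URL"] = check_am_url(primary)
    for i, url in enumerate(replicas):
        msgs = check_am_url(url)
        if url in [primary] + replicas[:i]:
            msgs.append("duplicates another configured URL")
        if msgs:
            findings[f"Replica URL {i + 1}"] = msgs
    if not access_key or access_key != access_key.strip():
        findings["Access Key"] = ["empty or padded with whitespace"]
    cert_msgs = []
    if "PRIVATE KEY-----" in cert_text:
        cert_msgs.append("file contains a private key")
    if not PEM_CERT.search(cert_text):
        cert_msgs.append("no PEM certificate block found")
    if cert_msgs:
        findings["AM Root Certificate"] = cert_msgs
    return findings

# Constructed sample values (not from the page or any real deployment).
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
```

The access key is only checked for emptiness and stray whitespace; the function never prints or stores it.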

After you finish 

A graphic shows the connection status for each configured identity router. If any components are not connected, investigate the cause.