Configure a Proxy Server
If RSA Authentication Manager is behind an external firewall that restricts outbound traffic, you must configure a proxy server before connecting to Cloud Authentication Service (CAS) or before you configure an embedded identity router.
Note: RSA Authentication Manager only supports HTTP-basic authentication for proxy servers.
Before you begin
You must be a Super Admin.
Procedure
In the Security Console, click Setup > System Settings.
Click RSA Cloud Authentication Service Configuration.
Under RSA Cloud Authentication Service Firewall Proxy Configuration, click Enable Proxy Configuration.
In the Proxy Host field, enter the hostname of the proxy server. For example, example.com. If you have an HTTP proxy server that does not require a certificate, you can enter either a hostname or an IP address.
In the Proxy Port field, enter the port used by the proxy server.
If the proxy server does not require credentials, leave these fields blank. Otherwise, enter the following:
- In the Proxy Username field, enter the unique username for the proxy server.
- In the Proxy Password field, enter the unique password for the proxy server.
(HTTPS proxy server only) If you make changes to an HTTPS proxy server, a new Registration Code and Registration URL is required. You must connect to the Cloud Authentication Service again and accept a new certificate.
This step does not apply to HTTP proxy servers.
To connect again, do the following:
- Under Register RSA AM with the RSA Cloud Authentication Service, copy and paste the Registration Code and the Registration URL from the Cloud Administration Console, or obtain this information from a Cloud Authentication Service Super Admin and manually enter it.
- Apply the changes to the HTTPS proxy server by clicking Connect to the RSA Cloud Authentication Service. Saving the changes on the page does not update the connection.
- You are prompted to trust a proxy server certificate. Verify the certificate with your help desk or network administrator, and click Yes.
The trusted proxy server certificate cannot be deleted in AM. You can replace the certificate by updating the proxy server connection or by connecting to a new proxy server, and then connecting to Cloud Authentication Service again.
- Restart the proxy server.
The proxy server information that you enter will also be automatically used to fill the proxy server information in the Telemetry Settings page in the AM Security Console at Setup > System Settings > Advanced Settings > Telemetry. This data is used to send telemetry data to RSA. You can modify this data if required. For more information, see Configure the Telemetry Service.
- Click Save.
Related Articles
RSA Authentication Manager as a Proxy Server to the Cloud Number of Views Skyhigh Secure Web Gateway (Cloud using Agents) - RSA Ready Implementation Guide Number of Views How do I configure SSL Server certificates to be used with a Netscape Proxy Server? Number of Views Skyhigh Secure Web Gateway (Cloud using Browser Setting) - RSA Ready Implementation Guide Number of Views Roadmunk - SAML SSO Agent Configuration - SecurID Access Implementation Guide Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Release Notes for RSA Authentication Manager 8.8 RSA Authentication Manager 8.9 Release Notes (January 2026) Deploying RSA Authenticator 6.2.2 for Windows Using DISM RSA MFA Agent 2.4 for Microsoft Windows Installation and Administration Guide
