This article describes how to integrate OpenText SAFE with RSA Authentication Manager using REST API.

  
Configure RSA Authentication Manager

Perform these steps to configure RSA Authentication Manager using REST API.
Procedure

1. Sign in to Security Console.
2. To add a new agent host, navigate to Access > Authentication Agents and click Add New. 
3. Enter all the required information. 
   1. Set the Hostname to OpenText EnCase SAFE, which will be used in the OpenText SAFE configuration.
   2. Leave the IP Address field blank.
   3. Select the Protect IP Address checkbox to prevent auto-registration from unassigning an IP address.
   4. For Agent Type, select Standard Agent.
   5. Click Save to add the agent.
      
4. Go to Setup > System Settings > RSA SecurID Authentication API and select Enable Authentication API to allow the use of the REST API.
5. Copy the Agent Credentials that is used in OpenText SAFE configuration.
6. Set the port to be used (default is 5555).
   
7. Obtain the relevant CA certificates from your Tenant URL that are needed for the OpenText SAFE configuration.
   The certificate for your Primary RSA authentication server
   The “RSA root CA” certificate
8. To retrieve the necessary CA certificate from your Tenant URL, perform the following steps. These instructions are adaptable to most modern browsers, though the specific menus and labels may vary slightly.
   1. Open a Web Browser: Go to your Tenant URL in a web browser.
   2. View Certificate: Click the padlock or info icon in the address bar, click Certificate or Connection is secure, and then click Certificate to open the certificate details.
   3. Export the CA Certificate: Go to the Details tab, click Copy to File or Export, and choose a format such as DER or PEM.
   4. Save the Certificate: Choose a location on your computer to save the exported certificate file and complete the saving process.
      

Configure OpenText SAFE

Perform the following steps to configure OpenText SAFE.
Procedure

1. Run the SAFE installer.  
   1. On the Options page, click Configure RSA SecurID and add the values obtained from the previous section.
      
      
      1. Primary RSA Authentication Server URL: The URL (including port number) of the server hosting RSA Authentication Manager. The port number is typically 5555. 
      2. Access KEY: The secret key previously retrieved from the RSA Authentication Manager configuration.
      3. Access ID: The unique identifier of the Authentication Manager previously retrieved from the RSA Authentication Manager configuration.
   2. If using RSA SecurID for keymaster authentication, select the option on the Complete Installation step of SAFE installation wizard.
   3. Complete SAFE installation.
2. Configure the SAFE user accounts to use RSA SecurID as an authentication method. 
   1. Select SAFE Configuration > Users from the menu bar. The SAFE Users page displays a table of all SAFE users.
   2. Click Create to add a child user to the default keymaster parent account. The Enterprise tab of the Create New User page is displayed. You can also click an existing parent row to create a child user for that parent.
   3. Select RSA SecurID Authentication in the Authentication Type list to use RSA credentials. The RSA SecurID Username box is added to the workflow.
      1. Enter the RSA username to associate with the user account.
         
   4. Click Next to navigate to the Permission/Role tab.
   5. Assign permissions and roles to the user.
   6. Click Submit to add the user.
3. Configure the Options in the investigative application to use RSA SecurID authentication.
   

The configuration is complete.

Test Your Application Integration

Return to OpenText SAFE - RSA Ready Implementation Guide.