Quick Setup Guide - Connect Governance & Lifecycle to Cloud Access Service
This guide helps you to connect the RSA Governance & Lifecycle (G&L) instance to the RSA Cloud Access Service (CAS) server and establish a trust relationship between them, enabling subsequent bi-directional integrations.
What You Need to Have
You need to have the following details:
Registration Code
Registration URL
Generate the Registration Code and URL to Connect G&L to CAS
You need a registration code and URL to enter into the G&L instance to establish the connection between G&L and CAS. To generate this code and URL, perform the following steps.
Procedure
In the Cloud Administration Console, click Platform > Governance & Lifecycle.
Click Generate Code.
The Registration Code is generated. Copy the values from the Registration Code and URL fields and save them securely on your computer.
(Optional) Select a Network Zone from the drop-down list.
Connect G&L to CAS
You need to connect a G&L instance to the CAS server to establish a bi-directional trust relationship. To connect them, perform the following steps.
Procedure
Log in to RSA Governance and Lifecycle.
Navigate to Admin > IDPlus Connect, and then click Create IDPlus Application.
On Page 1 (Help page), click Next.
On Page 2 (Register RSA G&L with RSA Cloud Authentication Service), enter the following details:
Application Name: Provide a name for the CAS server that you are connecting to.
Registration URL: Paste the URL copied from the Cloud Administration Console.
Registration Code: Paste the code copied from the Cloud Administration Console.
Click Connect to the RSA Cloud Authentication Service.
A message appears stating "Connection Successful".
On successful registration, do the following.
Select the Create Collector checkbox to create an ADC collector.
Select the User Sync with IDPlus checkbox to onboard the new user to the IDPlus application.
Enter the IDPlus Lookup Api and click Next.
On Page 2 (Connection), provide the following details:
Enter Base URL.
Select OAuth2 from the User Authentication Type drop-down list.
Enter Client ID, Client Secret, Authentication URL, and Access Token URL.
Click Get OAuth 2.0 Access Token.
Click Next.
On Page 3 (Select types of account data to collect), select Accounts and click Next.
On Page 4 (Configuration of Account collection), do the following.
Enter the Request Parameters.
Enter the Header Name and Header Value in the given fields.
Enter the Response Path for the Collector Mapping Parameters.
To check the records, click Test Rest API - 1.
Click Next.
On Page 6 (Map Collector Attributes to Account Attributes), do the following.
In the User Reference drop-down list, select AccountId.
Click Next.
A confirmation page appears for the Create IDPlus Application.
On Page 7 (Edit User Resolution Rules), do the following.
Click Add More, and then click Next.
Review the details and click Finish.
The IDPlus Application is created and displayed on the Admin > IDPlus Connect page.
Click the IDPlus Application displayed under the Application Name.
To collect the accounts, do the following.
Navigate to Collectors and click the ADC collector.
Click Test.
The collected accounts are displayed on the Accounts page.
Test the Lookup API
To test the Lookup API, perform the following steps.
Procedure
Add a new user.
On the home page, navigate to Collectors > Identity Collection.
To run the Identity Collection, do the following.
Select the Collector.
Click the Collect Identity button.
You can monitor the collection on the Monitoring page.
Delete the IDPlus/CAS Application and Collectors
Perform the following steps to remove the IDPlus/CAS application and its associated collectors from G&L.
Before you begin
Ensure you are logged in to the G&L application with administrative privileges.
Procedure
Navigate to Admin > IDPlus Connect.
Select the IDPlus/CAS application that you want to delete.
On the Collectors tab, select IDPlus_ADC collector and click Deactivate.
After deactivation, click the Delete icon present at the right corner of the application to remove the collector.
Return to the General tab of the IDPlus/CAS application.
Click Delete to remove the application.
Configure the Remote Agent with CAS
Perform the following steps to configure the remote agent with CAS.
Procedure
Download the certificate from the CAS server.
Log in to the G&L application and navigate to Admin > User Interface > Files.
Select the SSL certificate files.
Upload the IDPlus certificate file and click OK.
Download the keystore files from the remote agent.
Replace the existing client.keystore file with the newly downloaded file in the remote agent.
Restart the remote agent.
Troubleshooting
If the IDPlus/CAS application is deleted before the collector is removed, then the collector may remain in the database and needs to be removed manually.
Before you begin
Ensure you have access to the correct database schema depending on your deployment type:
Cloud Customers: Navigate to Admin > System > SQL Utility within the application UI and ensure the avuser schema is selected.
On-Premise Customers: Access the database directly using a tool such as sqlplus or SQLDeveloper and ensure the avuser schema is selected.
Procedure
Perform the following steps to manually remove the collector.
Run the following query and locate the associated ADC collector to identify the record.
SELECT * FROM t_oauth2_record WHERE CLIENT_ID = '<Client_ID_Here>' AND TOKEN_URL = '<Insert_URL_Here>';
From the results, identify the specific ID and respective token URL of the orphaned ADC collector to locate the client ID.
Run the following deletion command using the client ID and token URL identified in the previous step to delete the record.
DELETE FROM t_oauth2_record WHERE CLIENT_ID = '<Client_ID_Here>' AND TOKEN_URL = '<Insert_URL_Here>';
Run the following query to commit the changes.
DELETE FROM t_oauth2_record WHERE CLIENT_ID = 'glAdminClientId' and token_url='https://voyager-karma-gp8-ngx.auth-dev.securid.com/oauth/token';
Note: In the preceding query, replace <Client_ID_Here> and <Insert_URL_Here> with the actual client ID and token URL found in Step 2.
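A guarded form of the manual cleanup above, added here as an example and not RSA's own script: it deletes only when exactly one record matches the client ID and token URL, and commits only that single-row deletion. It assumes an on-premise Oracle session (sqlplus or SQL Developer) on the avuser schema with no other pending changes; the variable names are illustrative, and whether the cloud SQL Utility accepts PL/SQL blocks is not stated on this page.

```sql
-- Added example (not from the original guide). Replace both placeholders
-- with the values identified by the SELECT in the procedure above.
SET SERVEROUTPUT ON
DECLARE
  v_client_id  VARCHAR2(4000) := '<Client_ID_Here>';
  v_token_url  VARCHAR2(4000) := '<Insert_URL_Here>';
  v_matches    PLS_INTEGER;
  v_deleted    PLS_INTEGER;
BEGIN
  -- Step 1: confirm the filter identifies exactly one orphaned record.
  SELECT COUNT(*)
    INTO v_matches
    FROM t_oauth2_record
   WHERE client_id = v_client_id
     AND token_url = v_token_url;

  IF v_matches <> 1 THEN
    DBMS_OUTPUT.PUT_LINE('Expected 1 matching record, found '
                         || v_matches || '; nothing deleted.');
    RETURN;
  END IF;

  -- Step 2: delete, capturing the row count before any COMMIT or ROLLBACK.
  DELETE FROM t_oauth2_record
   WHERE client_id = v_client_id
     AND token_url = v_token_url;
  v_deleted := SQL%ROWCOUNT;

  -- Step 3: make the change permanent only if exactly one row was removed.
  IF v_deleted = 1 THEN
    COMMIT;
    DBMS_OUTPUT.PUT_LINE('Deleted 1 record and committed.');
  ELSE
    ROLLBACK;
    DBMS_OUTPUT.PUT_LINE('Deleted ' || v_deleted
                         || ' records unexpectedly; rolled back.');
  END IF;
END;
/
```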