SailPoint IdentityIQ 8.1 - SecurID Admin SDK with AM Configuration - SecurID Access Implementation Guide
Originally Published: 2021-08-27

SecurID Admin SDK with AM


This section describes how to integrate SailPoint IdentityIQ with RSA Authentication Manager using the SecurID Authentication API.

 

Configure RSA Authentication Manager

Prerequisites

You must complete the following prerequisites on your IdentityIQ host to configure RSA Authentication Manager API security settings. Consult your RSA Authentication Manager Developer’s Guide for version-specific instructions.

  1. Set the required Java system properties.

  2. Set the required system environment settings.

  3. Export the root certificate from the RSA Authentication Manager server.

  4. Import the server root certificate (Java) into the local cacerts keystore.

 

Procedure

  1. Set the command line Client User Name and Password. When you install RSA Authentication Manager, the system creates a user name and password for securing API connections to a command server. Follow the procedure below to obtain the command client user name and password from RSA Authentication Manager.

    1. Open a command prompt on your RSA Authentication Manager host, change directories to RSA_AM_HOME/utils and enter the following command: rsautil manage-secrets --action list

    2. When prompted, type your Operations Console username and password. (You created the Operations Console username and password when you configured RSA Authentication Manager.) The system will display the list of your internal system passwords.

    3. Locate the values for your command client user name and password.
      For example:

      Command Client User Name .................: CmdClient_ys0x7d41

      Command Client User Password .............: e9SHbK0W4i

  2. Create an RSA Authentication Manager Account for Connector Operations.

    1. The connector requires an RSA Authentication Manager administrative user account with special permissions in order to perform aggregation and provisioning operations. Refer to the SailPoint IdentityIQ RSA Authentication Manager Connector guide for the relevant permissions.
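The listing printed in step 1 contains every internal system password, while the connector needs only the two command client values. The following is an added example, not part of the original guide or of any RSA or SailPoint tooling: it parses the dotted-leader format shown above, keeps only those two fields, and writes them to a file readable by its owner alone. The function names, output keys and the third sample line are assumptions made for illustration.

```python
import os
import re

# Dotted-leader line as shown in the guide: "Label ......: value"
LINE_RE = re.compile(r"^\s*(?P<label>.+?)\s*\.{2,}\s*:\s*(?P<value>.*?)\s*$")

# Labels taken from the guide's example; the output key names are hypothetical.
WANTED = {
    "Command Client User Name": "command_client_user",
    "Command Client User Password": "command_client_password",
}

def parse_secret_listing(text):
    """Return only the two command client fields; ignore every other secret."""
    found = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        key = WANTED.get(m.group("label"))
        if key is None:
            continue  # some other internal password: never retained
        if key in found:
            raise ValueError("duplicate entry for " + m.group("label"))
        found[key] = m.group("value")
    missing = [label for label, key in WANTED.items() if not found.get(key)]
    if missing:
        raise ValueError("missing or empty: " + ", ".join(missing))
    return found

def redact(secrets):
    """Copy that is safe to print or log: the password is masked."""
    return {**secrets, "command_client_password": "********"}

def write_private(secrets, path):
    """Create the file with mode 0600 (POSIX); fail if it already exists."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        for key, value in secrets.items():
            fh.write(f"{key}={value}\n")

# Constructed sample: the first two lines repeat the guide's example values,
# the third is an invented entry standing in for the other listed passwords.
SAMPLE = """\
      Command Client User Name .................: CmdClient_ys0x7d41
      Command Client User Password .............: e9SHbK0W4i
      Example Other Secret .....................: not-needed
"""

if __name__ == "__main__":
    print(redact(parse_secret_listing(SAMPLE)))
```
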

 

Configure SailPoint IdentityIQ

Perform these steps to configure SailPoint IdentityIQ as an authentication API client to RSA Authentication Manager. You must define each application in your enterprise. Specify the connection properties, relevant attributes, targets and aggregation rules for each application. Follow the steps 2-12 below to create a new application.

Procedure

    1. For PIN Reset requirements, perform the following steps to add a quick link on the dashboard and configure the workflow.

      1. Open a command prompt on the IdentityIQ host machine.

      2. Navigate to the identityiq web application’s WEB-INF\bin directory.

      3. Execute the following command to launch the IdentityIQ console: iiq console

      4. Execute the following command to import the workflow_RSA_PIN_Reset.xml configuration file: import workflow_RSA_PIN_Reset.xml

    2. Log in to IdentityIQ as a superadmin user.


    3. Select the Define tab and click the Add New Application button.

    4. Choose a unique name to identify the application and enter it into the Name field.

    5. Enter the name of the application’s owner in the Owner field.


    6. Select RSA Authentication Manager – Direct from the Application Type dropdown list.


    7. In the Configuration tab enter the information for the following:

Parameter: Value

Host: The RSA Authentication Manager host.
Port: The port to use to connect to RSA Authentication Manager. Default: 7002.
Administrator: The account that has permission to connect to the RSA Authentication Manager resource remotely.
Password: Password of the Administrator account.
Command Client User: The command client user name.
Command Client Password: Command Client Password corresponding to the Command Client User.
Realm: Name of the Realm to manage. By default, if the Realm name is not modified, you can specify the name as SystemDomain.
Identity Source: Identity Source name linked to the Realm. By default, you can use Internal Database as the Identity Source name if that is the only RSA Authentication Manager you want to manage. Otherwise, it can be any external database that you configured in the RSA.
Security Domain: Name of the security domain to manage.
Search Subdomain: Whether or not to manage the subdomain when the parent security domain is specified for the Security Domain field.
Page Size: Limit on the number of accounts or groups to fetch per iteration through RSA Authentication Manager. Default: 500.

    1. Enter the server’s hostname and API connection port number in the Host and Port fields.

    2. Enter your RSA Authentication Manager administrator’s username and password in the Administrator and Password fields.

    3. Enter the RSA Command Client User’s username and password in the Command Client Username and Command Client Password fields.

    4. Enter the name of the RSA Authentication Manager realm you will manage in the Realm field and the realm’s identity source name in the Identity Source field.

    5. Enter the name of the security domain you will manage in the Security Domain field. If you would like to manage its sub domains as well, check the Search SubDomains checkbox.


  1. Save Changes.

Next Step: Proceed to the Use Case Configuration Summary section for information on how to apply the SecurID Authentication API configuration to your use case.