REST API as Additional Profile Provider Configuration Guide

Introduction

Use this guide along with the Adaptive Authentication tab configuration guide and either Connecting Exabeam UEBA to SecureAuth IdP or Connecting SailPoint IdentityIQ to SecureAuth IdP to configure a SecureAuth IdP realm that uses REST API to perform User Risk analysis.

Notice

The REST API Data Store is used only for performing the User Risk Adaptive Authentication function, and must be used in conjunction with a customer's on-premises installation of Exabeam UEBA or Sailpoint IdentityIQ.

Prerequisites

An on-premises Exabeam UEBA or Sailpoint IdentityIQ installation
A service account with read access (and optional write access) to SecureAuth IdP
Configure the Membership Connection Settings in the Data tab of the SecureAuth IdP Web Admin (refer to Data Tab Configuration)

REST API Configuration Steps

Configure the Profile Provider Settings section as follows:

1. Same as Above:

Select True if the data store integration settings from the Membership Connection Settings section above are also used in profile connection
Select False if that directory is only used for the membership connection

2. Default Profile Provider:

If True was selected in Step 1, then this field shows the Datastore Type selected in Membership Connection Settings and is unable to be edited
If False was selected in Step 1, then select the type of Datastore that provides the user Profile information

Profile Connection Settings

Note

Refer to Connecting Exabeam UEBA to SecureAuth IdP or Connecting SailPoint IdentityIQ to SecureAuth IdP for directory configuration steps

Data Server: Set to REST API (read only)
Base URL: The root URL of the data server containing user profile information
Get Profile Relative URL: The API endpoint URL used to retrieve user profile information
Authentication Method:
- Basic
  Generates basic HTTP header containing the authentication credentials
  Username: A valid credential on the datastore that has permission to access and retrieve user profile information
  Password: The password associated with Username
- OAuth 2.0
  Places a Bearer token in the HTTP request header
  Bearer: The bearer token value provided by the data service
- Cookie
  Creates an authentication cookie and sends it with each request
  Username: A valid credential on the datastore that has permission to access and retrieve user profile information
  Password: The password associated with Username
  Authentication Relative URL: The authentication URL relative to the Base URL

Note

Refer to Data Tab Configuration to complete the configuration steps in the Data tab of the Web Admin.

Refer to LDAP Attributes / SecureAuth IdP Profile Properties Data Mapping for information on the Profile Properties section.

In this section:

REST API as Additional Profile Provider Configuration Guide

Introduction

Notice

Prerequisites

REST API Configuration Steps

Profile Connection Settings

Note

Note

Search results