API configuration
Introduction
After the Post Authentication tab is configured to target the endpoint, the API tab must be configured in the Web Admin to specify the type of endpoint to be configured:
Authentication
Identity Management
Login for Endpoints
SecureAuth IdP APIs use GET and POST / PUT HTTP requests in adherence with RESTful programming best practices. These endpoints enable secure end-user authentication and Identity Management (IdM) operations within the context of custom software applications. The Login for Endpoints API lets end-users log onWindows / Mac workstations on the network using a valid Multi-Factor Authentication method.
What's new in SecureAuth IdP version 9.3
Updates to the Adaptive Authentication API endpoints to support the machine learning user risk score calculation feature.
Prerequisites
SecureAuth IdP v9.3.
SecureAuth IdP realm or integrated application with the following configured:
Overview tab
Data tab / Directory integration
Workflow tab
Multi-Factor Methods tab
Post Authentication tab
Logs tab
Notice
On the New Experience user interface in version 9.3, you can configure an Active Directory integration or SQL Server integration to be applied to applications made from App onboarding library templates. Configure the remaining components – for example, Workflow, Multi-Factor Methods, and Adaptive Authentication tabs – on the Classic Experience user interface.
SecureAuth IdP Web Admin - Classic Experience configuration
API tab
API Key section
1. Check Enable API for this realm for using SecureAuth IdP APIs on this realm.
This option acts as a global on / off switch for APIs on the realm, but the specific options in the API Permissions section below must also be checked to use Authentication, IdM, and Login for Endpoints APIs.
If the Enable API for this realm option is selected but none of the API Permissions options below are checked, then the end-user can only access the dfp and js endpoints (see Authentication API guide).
2. Under API Credentials click Generate Credentials to generate a unique Application ID and Application Key for the realm.
These values communicate with SecureAuth API endpoints and are included in the application headers to make calls to the endpoints.
 |
API Permissions section
Authentication
3. Check Enable Authentication API to let this realm use Authentication API endpoints.
4. Enable either Identity Management or Login for Endpoints API configuration options defined below.
Identity Management
To configure the Identity Management (IdM) API, enable the option(s) to be used:
Check User Management - add / update / retrieve users and their properties to enable to following user management capabilities:
Retrieve User Profile
Update User Profile
Create User
Check Administrator-initiated Password Reset to enable admins to send an end-user a new password requested via an application
Check User Self-service Password Change to enable end-users to change their own password, which requires the current password before a password change is allowed
Check User and Group Association (LDAP) to enable userID and groupID associations to be made within an LDAP directory
Four association methods are available with this option:
Single user to single group
Single user to multiple groups
Single group to single user
Single group to multiple users
Login for Endpoints
To configure the Login for Endpoints API, check Enable Login for Endpoints API and then click Configure Login for Endpoints Installer.
Use the Login for Endpoints Installer Configuration page to configure the API endpoint for Windows or Mac workstations on the network which end-users can access via a valid multi-factor authentication method.
The following shows the Login for Endpoints Installer Configuration page for sites running SecureAuth IdP version 9.2 or 9.3:
 |
The following shows the Login for Endpoints Installer Configuration page for sites running the SecureAuth® Identity Platform version 19.07 or later:
 |