Skip to main content

REST API as Additional Profile Provider Configuration Guide

Introduction

Use this guide along with the Adaptive Authentication tab configuration guide and either Connecting Exabeam UEBA to SecureAuth IdP or Connecting SailPoint IdentityIQ to SecureAuth IdP to configure a SecureAuth IdP realm that uses REST API to perform User Risk analysis.

Notice

The REST API Data Store is used only for performing the User Risk Adaptive Authentication function, and must be used in conjunction with a customer's on-premises installation of Exabeam UEBA or Sailpoint IdentityIQ.

Prerequisites

  • An on-premises Exabeam UEBA or Sailpoint IdentityIQ installation

  • A service account with read access (and optional write access) to SecureAuth IdP

  • Configure the Membership Connection Settings in the Data tab of the SecureAuth IdP Web Admin (refer to Data Tab Configuration)

REST API Configuration Steps

44833326.png

Configure the Profile Provider Settings section as follows:

1. Same as Above:

  • Select True if the data store integration settings from the Membership Connection Settings section above are also used in profile connection

  • Select False if that directory is only used for the membership connection

2. Default Profile Provider:

  • If True was selected in Step 1, then this field shows the Datastore Type selected in Membership Connection Settings and is unable to be edited

  • If False was selected in Step 1, then select the type of Datastore that provides the user Profile information

Profile Connection Settings

44833339.png

Note

Refer to Connecting Exabeam UEBA to SecureAuth IdP or Connecting SailPoint IdentityIQ to SecureAuth IdP for directory configuration steps

  • Data Server: Set to REST API (read only)

  • Base URL: The root URL of the data server containing user profile information

  • Get Profile Relative URL: The API endpoint URL used to retrieve user profile information

  • Authentication Method:

Note

Refer to Data Tab Configuration to complete the configuration steps in the Data tab of the Web Admin.

Refer to LDAP Attributes / SecureAuth IdP Profile Properties Data Mapping for information on the Profile Properties section.