Introduction

Use this guide along with the Adaptive Authentication Tab Configuration guide and either Connecting Exabeam UEBA to SecureAuth IdP (version 9.1 and 9.2) or Connecting SailPoint IdentityIQ to SecureAuth IdP (version 9.1 and 9.2) to configure a SecureAuth IdP realm that uses the REST API to perform User Risk analysis.

The REST API Data Store is used only for performing the User Risk Adaptive Authentication function, and must be used in conjunction with a customer's on-premises installation of Exabeam UEBA or SailPoint IdentityIQ.

Prerequisites
  • An on-premises Exabeam UEBA or SailPoint IdentityIQ installation
  • A service account with read access (and optional write access) to SecureAuth IdP
  • Configure the Membership Connection Settings in the Data tab of the SecureAuth IdP Web Admin (refer to Data Tab Configuration)

REST API Configuration Steps

Configure the Profile Provider Settings section as follows:

1. Same as Above:

  • Select True if the data store integration settings from the Membership Connection Settings section above are also used for the profile connection
  • Select False if that directory is only used for the membership connection

2. Default Profile Provider:

  • If True was selected in Step 1, then this field shows the Datastore Type selected in Membership Connection Settings and cannot be edited
  • If False was selected in Step 1, then select the type of Datastore that provides the user Profile information

Profile Connection Settings

  • Data Server: Set to REST API (read only)
  • Base URL: The root URL of the data server containing user profile information
  • Get Profile Relative URL: The API endpoint URL used to retrieve user profile information
  • Authentication Method:
    •  Basic

      Generates an HTTP Basic authentication header containing the authentication credentials

      • Username: A valid credential on the datastore that has permission to access and retrieve user profile information
      • Password: The password associated with Username
    •  OAuth 2.0

      Places a Bearer token in the HTTP request header

      • Bearer: The bearer token value provided by the data service
    •  Cookie

      Creates an authentication cookie and sends it with each request

      • Username: A valid credential on the datastore that has permission to access and retrieve user profile information
      • Password: The password associated with Username
      • Authentication Relative URL: The authentication URL relative to the Base URL
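
The three authentication methods differ in what accompanies each profile request. The following added example (not SecureAuth code) checks a set of Profile Connection Settings before they are entered and shows the header each method implies under standard HTTP semantics; the setting keys, host name, account and paths are constructed, and how the product itself builds its requests is an assumption.

```python
import base64
from urllib.parse import urljoin, urlsplit

def resolve(base_url, relative_url):
    """Join the Base URL with a relative URL; refuse cleartext or cross-host results."""
    base = urlsplit(base_url)
    if base.scheme != "https" or not base.hostname:
        raise ValueError("Base URL must be https://; credentials accompany every request")
    full = urljoin(base_url.rstrip("/") + "/", relative_url.lstrip("/"))
    target = urlsplit(full)
    if (target.scheme, target.netloc) != (base.scheme, base.netloc):
        raise ValueError("relative URL resolves outside the Base URL host")
    return full

def plan_requests(settings):
    """Return the (url, headers) pairs implied by the chosen Authentication Method."""
    profile_url = resolve(settings["base_url"], settings["get_profile_relative_url"])
    method = settings["auth_method"]
    if method == "Basic":
        user, password = settings["username"], settings["password"]
        if ":" in user:
            raise ValueError("Basic user-id must not contain ':' (RFC 7617)")
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        # Base64 is an encoding, not encryption: only TLS protects this value.
        return [(profile_url, {"Authorization": f"Basic {token}"})]
    if method == "OAuth 2.0":
        if not settings["bearer"].strip():
            raise ValueError("Bearer token is empty")
        return [(profile_url, {"Authorization": f"Bearer {settings['bearer']}"})]
    if method == "Cookie":
        # Two steps: authenticate once, then replay the returned cookie.
        # The login body and cookie name depend on the data server; not assumed here.
        login_url = resolve(settings["base_url"], settings["authentication_relative_url"])
        return [(login_url, {}), (profile_url, {"Cookie": "<value set by login response>"})]
    raise ValueError(f"unknown Authentication Method: {method}")

# Constructed sample settings (hypothetical host, account and paths).
SAMPLE = {
    "base_url": "https://risk.example.internal/api",
    "get_profile_relative_url": "/users/profile",
    "auth_method": "Basic",
    "username": "svc-idp-read",
    "password": "constructed-password",
}

if __name__ == "__main__":
    for url, headers in plan_requests(SAMPLE):
        print(url, sorted(headers))
```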

Refer to Data Tab Configuration to complete the configuration steps in the Data tab of the Web Admin.

Refer to LDAP Attributes / SecureAuth IdP Profile Properties Data Mapping for information on the Profile Fields section.
