Using Multiple Group Entitlements with a Pre-existing Source
For the pre-existing RSA Authentication Manager sources perform the following steps to start using the Multiple Group Entitlements with your current source.
To add RADIUS Profiles to an Existing Source:
-
Use the createSchema API to create new group schema for your source.
Example of API body content for adding RADIUS profiles to an existing source:
CopyBody of the REST API call to add Radius profile schema in existing source for RSA Authentication Manager connector :
{
"displayAttribute": "name",
"identityAttribute": "guid",
"nativeObjectType": "profile",
"objectType": "profile",
"hierarchyAttribute": null,
"includePermissions": false,
"features": [],
"configuration": {},
"name": "profile"
"attributes": [
{
"name": "checkLists",
"type": "string",
"description": "List of attributes to be received to validate the access",
"isMulti": true,
"isEntitlement": false,
"isGroup": false
},
{
"name": "description",
"type": "string",
"description": "description for the RADIUS profile",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "guid",
"type": "string",
"description": "Guid of the RADIUS profile",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "isDangling",
"type": "string",
"description": "Dangling status of RADIUS profile",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "lastUpdatedBy",
"type": "string",
"description": "User ID of the user who updated the RADIUS profile recently",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "lastUpdatedOn",
"type": "string",
"description": "Time when the RADIUS profile was last updated on",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "name",
"type": "string",
"description": "Name by which the RADIUS profile is known",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "returnLists",
"type": "string",
"description": "List of attributes to be returned in case of successful validation",
"isMulti": true,
"isEntitlement": false,
"isGroup": false
},
{
"name": "securityDomain",
"type": "string",
"description": "Security Domain to which RADIUS profile belongs",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
}
]
} -
Navigate to the Account Schema of your source in Identity Security Cloud. Locate the attribute corresponding to the group entitlement and change the type from 'string' to the appropriate group entitlement type.
To add a Token to an Existing Source:
-
Use the createSchema API to create new group schema for your source to add Tokens to an existing source.
Example of API body content for adding Tokens to existing source:
Copy{
"displayAttribute": "serialNumber",
"identityAttribute": "serialNumber",
"nativeObjectType": "token",
"objectType": "token",
"hierarchyAttribute": null,
"includePermissions": false,
"features": [],
"configuration": {},
"name": "token"
"attributes": [
{
"name": "enable",
"type": "boolean",
"description": "Token's enabled status",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "expirationDate",
"type": "string",
"description": "Expiration Date of the token",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "guid",
"type": "string",
"description": "Guid of the token",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "lastLoginDate",
"type": "string",
"description": "Last time when user logged in using the assigned token",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "newPinMode",
"type": "boolean",
"description": "Status indicating whether or not the token is in new PIN mode",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "nextTokenMode",
"type": "boolean",
"description": "Status indicating whether or not the token is in next token mode",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "replacementMode",
"type": "string",
"description": "Token's replacement mode",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "serialNumber",
"type": "string",
"description": "Serial number of token",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
}
]
} -
Update Account Schema with the following steps:
-
Get account schema using getSchema API.
-
Copy the schema to a file and search for attribute corresponding to the group schema that is added in step 1.
-
Add/update below two properties for the attribute found in previous step (2.b.)
Copy"isGroup": true,
"schema": {"type": "CONNECTOR_SCHEMA","id": "<Schema_ID_From_Step1>","name": "
<Name_Of_Schema_Created_In_Step1>"} -
Add the schema modified in step 2.c. to the payload to update account schema in source using replaceSchema API.
-