This section provides you with information about configuring the API.
This section provides you with information about configuring the API.
You can configure single sign-on authentication for API projects with the Administration Portal. In this case, a separate request to the imx/login method is not required.
NOTE: You can configure authentication for the Operations Support Web Portal using the appropriate API project (see Configuring authentication for the Operations Support Web Portal).
TO configure primary authentication with single sign-on
In your internet browser, open the your API Server's webpage.
On the overview page, click Administration Portal.
On the login page, select which authentication method you want to use to log in to the Administration Portal.
Enter your user name and password.
Click Connect.
In the navigation, click Configuration.
On the Configuration page, in the Show configuration for the following API project menu, select the API project that you want configure with single sign-on authentication.
In the search box, enter Single sign-on authentication modules.
Expand the Single sign-on authentication modules configuration key.
Click New.
In the menu, select the authentication module you want to use.
TIP: You can specify additional authentication modules. To do this, click New.
Click Apply.
Perform one of the following actions:
If you want to apply the changes locally only, click Apply locally.
If you want to apply the changes globally, click Apply globally.
Click Apply.
You can use the Authentication node in the API Designer definition tree view to specify how users can log in to the Operations Support Web Portal.
There are three authentication options that you can configure:
Standard: Only the authentication methods you list here are allowed. You can also enable single sign-on for this method.
Allow all manual modules: All manual authentication modules are allowed, provided they are enabled for the selected product. You can also enable single sign-on for this method.
Fixed credentials: This setting allows you to log in to the API with stored login credentials. To use this option, the login data must be stored in the web.config files on each API server.
To set the permitted manual authentication options
Start the API Designer program.
In the menu bar, click View > Navigation.
Click API projects in the navigation.
In the tree structure, double-click the API project to be edited.
In the Definition tree view, click the node (Authentication).
Click View > Node editor on the menu bar.
In the node editor view, perform the following actions:
In the Authentication type menu, select Standard.
Enter a unique ID for the node in the Control ID field.
(Optional) In the Authentication properties field, enter the properties for the authentication. For more information about the authentication modules, see the One Identity Manager Configuration Guide.
(Optional) If authorizations for users are controlled by a product, enable the Product option and select the required product in the selection list.
In the definition tree view, expand the node (Authentication).
Right-click the node (Manual authentication modules.
Click Authentication module in the context menu.
The Authentication module node is placed as a child to the node.
Click the Authentication module node.
In the node editing view, select the required authentication module from the Name selection list. For more information about the authentication modules, see the One Identity Manager Configuration Guide.
Enter a unique ID for the node in the Control ID field.
Repeat steps 8 to 12 until to add each authentication method you wish to use.
In the menu bar, click (Save).
To permit all manual authentication options
Start the API Designer program.
In the menu bar, click View > Navigation.
In the navigation, click (API projects).
In the tree structure, double-click the API project to be edited.
In the Definition tree view, click the node (Authentication).
Click View > Node editor on the menu bar.
In the node editor view, perform the following actions:
In the Authentication type selection list, select Allow all manual modules.
Enter a unique ID for the node in the Control ID field.
(Optional) In the Authentication properties field, enter the authentication properties.
(Optional) Enable the Product option and select the product from the list.
In the menu bar, click (Save).
Start the API Designer program.
In the menu bar, click View > Navigation.
In the navigation, click (API projects).
In the tree structure, double-click the API project to be edited.
In the definition tree view, expand the node (Authentication).
Right-click the Authentication modules for single sign-on node.
NOTE: This node is only available if you have manually specified the authentication options yourself or you have permitted manual authentication options.
Click Authentication module in the context menu.
The Authentication module node is placed as a child to the node.
Click the Authentication module node.
Click View > Node editor on the menu bar.
In the node editing view, select the required authentication module from the Name selection list. For more information about the authentication modules, see the One Identity Manager Configuration Guide.
In the menu bar, click (Save).
To approve a login with stored login data, perform the following two steps:
Store the credentials of the users with access in each of the API server's web.config file.
Configure authentication in the API Designer's API project.
To store login data in the API Server
Open the web.config file in a text editor.
(Optional) If the file is encrypted, decrypt the file.
In the <connectionStrings> section, add the following entry:
<add name="sub:<NAME>" connectionString="Module=DialogUser;User=<USER>;(Password)Password=<PASSWORD>" />
<NAME> stands for the name/ID of the API project.
<USER> stands for the login name of the user.
<PASSWORD> stands for the user's password.
Save your changes to the file.
(Optional) encrypt the file.
To configure the login with the saved login data on the API project
Start the API Designer program.
In the menu bar, click View > Navigation.
In the navigation, click (API projects).
In the tree structure, double-click the API project to be edited.
In the Definition tree view, click the node (Authentication).
Click View > Node editor on the menu bar.
In the node editor view, perform the following actions:
In the Authentication type selection list, select Fixed credentials.
Enter a unique ID for the node in the Control ID field.
(Optional) In the Authentication properties field, enter the authentication properties.
(Optional) Enable the Product option and select the product from the list.
In the menu bar, click (Save).
You can change the encryption used for data by choosing another encryption certificate.
To change the encryption certificate
Connect to your API Server.
Open the web.config file in a text editor.
(Optional) If the file is encrypted, decrypt the file.
Change the value of the certificatethumbprint property to the thumbprint of the certificate you want to use.
Save your changes to the file.
(Optional) encrypt the file.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Nutzungsbedingungen Datenschutz Cookie Preference Center