Configuring authentication
User authentication is carried out on the API Server for each API project.
Authentication has two steps:
-
Required primary authentication: Default authentication through an authentication module
-
Optional secondary authentication: Multi-factor authentication (by OneLogin)
For more information about authentication, see the One Identity Manager API Development Guide and the One Identity Manager Authorization and Authentication Guide.
Detailed information about this topic
Configuring primary authentication with single sign-on
You can configure single sign-on authentication for API projects with the Administration Portal. In this case, a separate request to the imx/login method is not required.
Required configuration key:
TO configure primary authentication with single sign-on
-
Log in to the Administration Portal (see Logging in to the Administration Portal).
-
In the navigation, click Configuration.
-
On the Configuration page, in the Show configuration for the following API project menu, select the API project that you want configure with single sign-on authentication.
-
Expand the Single sign-on authentication modules configuration key.
-
Click New.
-
In the menu, select the authentication module you want to use.
TIP: You can specify additional authentication modules. To do this, click New.
-
Click Apply.
-
Perform one of the following actions:
-
If you want to apply the changes locally only, click Apply locally.
-
If you want to apply the changes globally, click Apply globally.
-
Click Apply.
Configuring authentication tokens
Users receive an authentication token after they have been successfully authenticated on a web application. User do not have to repeat the authentication as long as this token is valid.
Required configuration key:
-
Persistent authentication tokens (AuthTokensEnabled): Specifies whether to use persistent authentication tokens that are stored between sessions.
-
Persistent authentication token lifetime (in minutes) (AuthTokensLifetimeMinutes): Specifies how long persistent authentication tokens are valid.
To configure the use of authentication tokens.
-
Log in to the Administration Portal (see Logging in to the Administration Portal).
-
In the navigation, click Configuration.
-
On the Configuration page, in the Show configuration for the following API project menu, select the imx API project.
-
Configure the following configuration keys:
-
Persistent authentication tokens: Specify whether to use persistent authentication tokens. To do this, activate or deactivate the corresponding check box.
-
Persistent authentication token lifetime (in minutes): Specify how long persistent authentication tokens are valid. Once the token lifetime has expired, the user must authenticate again.
-
Click Apply.
-
Perform one of the following actions:
-
If you want to apply the changes locally only, click Apply locally.
-
If you want to apply the changes globally, click Apply globally.
-
Click Apply.
Changing encryption
You can change the encryption used for data by choosing another encryption certificate.
To change the encryption certificate
-
In the API Server's installation directory, open the web.config file.
NOTE: If the file is encrypted, decrypt it first.
-
Change the value of the certificatethumbprint property to the thumbprint of the certificate you want to use.
-
Save your changes to the file.
NOTE: If the file was encrypted beforehand, encrypt it again.