Previous Topic: Configure and Apply an Authentication SchemeNext Topic: Add Rules to the Policy

Single Sign-On ServiceSSO Getting Started GuideSSO Using Advanced Authentication and Provisioning for a Sensitive ApplicationConfigure and Apply an Authentication SchemeConfigure a Realm and a Rule for the Resource

Configure a Realm and a Rule for the Resource

A realm groups resources that have similar security requirements and share a common authentication scheme. In the tenant domain, create a realm for each authentication scheme that the tenant administrator wants to use.

Note: The following procedure assumes that you are creating an object. You can also copy the properties of an existing object to create an object.

Follow these steps:

  1. Log in to the CSP console.
  2. Select Policies, Domain, Realms.

    The Realms screen opens.

  3. Click Create Realm.
  4. Select the tenant domain that you want to modify, and then click Next.

    Note: The tenant domain name is in the tenant-tagDomain format.

  5. Type a name and description for the realm.

    Specify a name that indicates that the realm is for an authentication URL.

  6. Click Lookup Agent/Agent Group.
  7. Select cam-agent from the list of agents, and then click OK.
  8. Specify the resource filter for the authentication scheme. This scheme must tie in to the authentication method chosen in the User Console.
    ArcotID OTP

    For environments created in CA CloudMinder 1.51 or later:

    /chs/redirect/tenant_tag/arcototp

    For environments created before CA CloudMinder 1.51:

    /affwebservices/<tenant-name>/arcototp.jsp

    ArcotID OTP with Risk

    For environments created in CA CloudMinder 1.51 or later:

    /chs/redirect/tenant_tag/arcototprisk

    For environments created before CA CloudMinder 1.51:

    /affwebservices/<tenant-name>/arcototprisk.jsp

    ArcotID PKI

    For environments created in CA CloudMinder 1.51 or later:

    /chs/redirect/tenant_tag/arcotid

    For environments created before CA CloudMinder 1.51:

    /affwebservices/<tenant-name>/arcotid.jsp

    ArcotID PKI with Risk

    For environments created in CA CloudMinder 1.51 or later:

    /chs/redirect/tenant_tag/arcotidrisk

    For environments created before CA CloudMinder 1.51:

    /affwebservices/<tenant-name>/arcotidrisk.jsp

    tenant_tag is a unique identifier for a tenant. You specify the tag when deploying a tenant environment in the CSP console. To view a list of tags, select the Tenants tab.

  9. Complete the remaining fields:
    Default Resource Protection

    Protected

    Authentication Scheme

    Select the authentication scheme that corresponds to the resource filter.

  10. Create a rule as follows:
    1. Click Create in the Rules area.

      The Create Rule screen opens.

    2. Enter a name and description for the rule.
    3. Enter the asterisk (*) in the Resource field.
    4. Select Get and Post from the Action list.
    5. Accept the defaults for the remaining settings, and then click OK.

      The rule is created.

  11. Specify the session properties.

    Note: Click Help for information about these properties.

  12. Skip the other configuration options.
  13. Click Finish.

    The realm is configured.