Add an Authentication Profile Wizard

Click Add an Authentication Profile on the Third Party Authentication page to display the wizard of the same name and create a new profile for communicating with another application. This wizard comprises six pages:

  • Basic Details — Specify the Profile Name, Description, and Authentication Method (this can be ApiKeyAuthentication, AWS Signature, BasicAuthentication, Client Certificate (mTLS) Authentication, or Open Authorization 2.0).

  • Authentication Parameters — Provide the required credentials for the authentication method you chose.
    If you need an explanation for any of the credentials, refer to authoritative documentation for that authentication method.

    • For ApiKeyAuthentication: Specify the key and the method by which it is sent: QueryParameter, AuthorizationHeader, RequestHeader, or RequestBodyField. You can add multiple RequestHeader keys; this is useful for authenticating with APIs that require different keys for different types of access (such as some APIs used by Datadog). For all methods, you have the option to Include Client Certificate. If you enable this, fields will appear for providing the Client Certificate (PEM Format), Client Private Key, and Passphrase. Disabling the Client Certificate option will clear any information in those fields.

    • For AWS Signature: Choose the Version: AWS Signature Version 4 or AWS Signature Version 4a (multi-region), then type the AWS Access Key ID and AWS Secret Access Key.

    • For BasicAuthentication: Specify the Username and Password.

    • For Client Certificate (mTLS) Authentication: Specify the Client Certificate (PEM Format), Client Private Key, and Passphrase.

    • For Open Authorization 2.0: Choose the Grant Type: Client Credentials or Password.

      • For Client Credentials, specify the Client ID, Client Secret, Authentication URI, and Scope URL. Click Show Advanced Configuration to work with custom parameters, and click Include Custom Parameters in Token Request to specify a key, its value, and its send via method.

      • For Password, specify the Username, Password, Authentication URI, Scope URL, Client ID, and Client Secret. Click Show Advanced Configuration to work with custom parameters, and click Include Custom Parameters in Token Request to specify a key, its value, and its send via method.

      • For both Grant Types, you have the option to Include Client Certificate. If you enable this, fields will appear for providing the Client Certificate (PEM Format), Client Private Key, and Passphrase. Disabling the Client Certificate option will clear any information in those fields.

  • Public or Private Endpoint — Specify whether the destination endpoint is public (the default) or private. If you want to communicate with an endpoint in a private network, click Private endpoint via an authorized Riverbed Edge, and choose an existing authorized Riverbed Edge to enable the communication. The profile can have more than one authorized Riverbed Edge assigned, although only one will be used at a time.

  • Test Query — Define an HTTP query to use for validating communication with the other application. Specify an HTTP method to use and the target URI, as well as the HTTP header and HTTP payload.

  • Verify Response — Execute the test query you defined in the Test Query page by clicking the Run Test Query button. Returned results will be shown in the panel below it. If you specified one or more private endpoints in the Public or Private Endpoint page, you'll need to choose one of the specified ones, here, as the destination of the test query.
    Note: If the Riverbed Edge selected as private endpoint uses a proxy, make certain that proxy is configured appropriately to communicate outside your network.

  • Review — Show a summary of the authentication profile.