Add an Authentication Profile Wizard

Click Add an Authentication Profile on the Third Party Authentication page to display the wizard of the same name and create a new profile for communicating with another application. This wizard comprises six pages:

  • Basic Details — Specify the Profile Name, Description, and Authentication Method (this can be Api Key Authentication, AWS Signature, Basic Authentication, Client Certificate (mTLS) Authentication, or Open Authorization 2.0).

  • Authentication Parameters — Provide the required credentials for the authentication method you chose.
    If you need an explanation for any of the credentials, refer to authoritative documentation for that authentication method.

    • For Api Key Authentication: Specify the key and the method by which it is sent: Query Parameter, Authorization Header, Request Header, or Request Body Field. You can add multiple Request Header keys; this is useful for authenticating with APIs that require different keys for different types of access (such as some APIs used by Datadog). For all methods, you have the option to Include Client Certificate. If you enable this, fields will appear for providing the Client Certificate (PEM Format), Client Private Key, and Passphrase. Disabling the Client Certificate option will clear any information in those fields.

    • For AWS Signature: Choose the Version: AWS Signature Version 4 or AWS Signature Version 4a (multi-region), then type the AWS Access Key ID and AWS Secret Access Key.

    • For Basic Authentication: Specify the Username and Password.

    • For Client Certificate (mTLS) Authentication: Specify the Client Certificate (PEM Format), Client Private Key, and Passphrase.

    • For OAuth 2.0 (Open Authorization 2.0): Choose the Grant Type: Client Credentials, Password, or JWT Bearer.

      • For Client Credentials, specify the Client ID, Client Secret, Authentication URI, and Scope URL. Click Show Advanced Configuration to work with custom parameters, and click Include Custom Parameters in Token Request to specify a key, its value, and its send via method.

      • For Password, specify the Username, Password, Authentication URI, Scope URL, Client ID, and Client Secret. Click Show Advanced Configuration to work with custom parameters, and click Include Custom Parameters in Token Request to specify a key, its value, and its send via method.

      • For JWT Bearer, specify the JWT claim set and the server URI to which the token is sent. Some standard claims (iss, exp, and aud) and a client certificate are required.

      • For all Grant Types, you have the option to Include a Client Certificate. It is required only for the JWT Bearer Grant Type. If you enable this, fields will appear for providing the Client Certificate (PEM Format), Client Private Key, and Passphrase. Disabling the Client Certificate option will clear any information in those fields.

    • For Token-Based Authentication: authentication is done in two steps:

      1. Request an access token. Requesting an access token requires the token URL, the method used to send the secret (via Authorization header, request header, or request body), and the field name in the response body that contains the access token.

      2. Authenticate using the access token. Send the token in either the Authorization header or a request header.

  • Public or Private Endpoint — Specify whether the destination endpoint is public (the default) or private. If you want to communicate with an endpoint in a private network, click Private endpoint via an authorized Riverbed Edge, and choose an existing authorized Riverbed Edge to enable the communication. The profile can have more than one authorized Riverbed Edge assigned, although only one will be used at a time.

  • Test Query — Define an HTTP query to use for validating communication with the other application. Specify an HTTP method to use and the target URI, as well as the HTTP header and HTTP payload.

  • Verify Response — Execute the test query you defined in the Test Query page by clicking the Run Test Query button. Returned results will be shown in the panel below it. If you specified one or more private endpoints in the Public or Private Endpoint page, you'll need to choose one of them here as the destination of the test query.
    Note: If the Riverbed Edge selected as the private endpoint uses a proxy, make certain that the proxy is configured appropriately to communicate outside your network.

  • Review — Show a summary of the authentication profile.
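
The two-step Token-Based Authentication flow described under Authentication Parameters, sketched as an added example (not the product's own code) that shows how the wizard's inputs map onto the two HTTP requests and that a missing token field is rejected. The profile keys, URLs, header names, JSON bodies, verbatim Authorization value and Bearer scheme are all assumptions or constructed sample values.

```python
import json
from urllib.parse import urlsplit
PROFILE = {  # hypothetical profile mirroring the wizard's inputs (constructed values)
    "token_url": "https://auth.example.test/token",
    "secret": "sample-secret",
    "secret_via": "request_body",    # authorization_header | request_header | request_body
    "secret_name": "api_secret",     # header or body field carrying the secret
    "token_field": "access_token",   # response body field that holds the token
    "token_via": "request_header",   # authorization_header | request_header
    "token_header": "X-Auth-Token",  # used when token_via is request_header
}

def _https_only(url):  # secrets and tokens are bearer credentials: no cleartext
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send credentials to non-HTTPS URL: " + url)

def build_token_request(p):
    """Step 1: request an access token, sending the secret as configured."""
    _https_only(p["token_url"])
    headers, body = {}, None
    if p["secret_via"] == "authorization_header":
        headers["Authorization"] = p["secret"]  # assumption: value sent verbatim
    elif p["secret_via"] == "request_header":
        headers[p["secret_name"]] = p["secret"]
    elif p["secret_via"] == "request_body":
        headers["Content-Type"] = "application/json"  # assumption: JSON body
        body = json.dumps({p["secret_name"]: p["secret"]})
    else:
        raise ValueError("unknown secret_via: " + p["secret_via"])
    return {"method": "POST", "url": p["token_url"], "headers": headers, "body": body}

def extract_token(p, response_body):
    """Read the token from the configured response field; fail closed if absent."""
    doc = json.loads(response_body)  # assumption: JSON response; raises on non-JSON
    token = doc.get(p["token_field"]) if isinstance(doc, dict) else None
    if not isinstance(token, str) or not token:
        raise ValueError("no usable %r field in token response" % p["token_field"])
    return token

def build_api_request(p, token, method, url):
    """Step 2: authenticate the real call with the access token."""
    _https_only(url)
    if p["token_via"] == "authorization_header":
        headers = {"Authorization": "Bearer " + token}  # assumption: Bearer scheme
    elif p["token_via"] == "request_header":
        headers = {p["token_header"]: token}
    else:
        raise ValueError("unknown token_via: " + p["token_via"])
    return {"method": method, "url": url, "headers": headers, "body": None}
```

An error body such as `{"error": "invalid_secret"}` raises instead of yielding a token, which is the case to watch for when the response field name in the profile is mistyped.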