Identity Bridge Quick Start Guide
  • 17 Nov 2023


This guide will walk you through the process of creating a connection between RapidIdentity and your local resources using Identity Bridge.

Antivirus Considerations

RapidIdentity Identity Bridge leverages the open source chisel technology by jpillora to create a secure TCP/UDP tunnel between on-premise resources and RapidIdentity Cloud. Because chisel is an open source networking tool, some malware programs have also leveraged jpillora/chisel and, as a result, several antivirus solutions have falsely labeled it, and all software programs using it, as malware.

To avoid any unnecessary disruption in service, customers should configure their Windows and network antivirus and intrusion prevention programs to exclude the chisel.exe file in the /Identity Automation/Identity Bridge Agent/ folder and the Bridge Host URL that is associated with each configured bridge.
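
An added example (not part of the vendor's documentation) of the file exclusion described above, assuming Microsoft Defender is the Windows antivirus in use. `$InstallRoot` is a parameter you supply, because the page gives only the relative folder; the script records the binary's hash and signature, excludes that one file by full path, and lists any other chisel.exe copies, which stay subject to scanning.

```powershell
param(
    # Assumption: the directory that contains "Identity Automation\Identity Bridge Agent"
    # on this server. The guide gives only the relative folder, so it must be supplied.
    [Parameter(Mandatory)] [string] $InstallRoot
)

$agentDir = Join-Path $InstallRoot 'Identity Automation\Identity Bridge Agent'
$chisel   = Join-Path $agentDir 'chisel.exe'

if (-not (Test-Path -LiteralPath $chisel -PathType Leaf)) {
    throw "chisel.exe not found at '$chisel'; no exclusion added."
}

# Baseline the binary before excluding it, so later tampering can be detected
# by comparing against the recorded hash.
$sig = Get-AuthenticodeSignature -LiteralPath $chisel
[pscustomobject]@{
    Path            = $chisel
    SHA256          = (Get-FileHash -LiteralPath $chisel -Algorithm SHA256).Hash
    SignatureStatus = $sig.Status
    Signer          = $sig.SignerCertificate.Subject   # empty if the file is unsigned
} | Format-List | Out-Host

# Exclude this one file by full path. A folder-wide or file-name exclusion would
# also cover unrelated chisel copies that antivirus should still flag.
$current = @((Get-MpPreference).ExclusionPath)
if ($current -notcontains $chisel) {
    Add-MpPreference -ExclusionPath $chisel
}

# List every other chisel.exe on local fixed drives. These are not part of the
# agent, are not excluded, and deserve investigation.
Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 3' | ForEach-Object {
    Get-ChildItem -LiteralPath ($_.DeviceID + '\') -Filter 'chisel.exe' `
        -File -Recurse -ErrorAction SilentlyContinue
} | Where-Object { $_.FullName -ne $chisel } |
    Select-Object FullName, Length, LastWriteTime
```

Run it from an elevated PowerShell session after the agent is installed. The Bridge Host URL exclusion for network antivirus and intrusion prevention products is configured in those products and is not covered here.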

Important

An Administrator assigned the "Tenant Admin" role in the RapidIdentity Portal is required to access Identity Bridge configuration options.

There are four main steps to set up a new bridge:

  1. Configure the Identity Bridge Agent settings in RapidIdentity.
  2. Download and Install .NET 6.0 framework from Microsoft (ASP.NET Core Runtime and .NET Desktop Runtime).
  3. Install the Identity Bridge Agent Service on the local server.
  4. Add a bridge in RapidIdentity to provide access to an on-premise resource.

System Requirements

To install and run the Identity Bridge agent on a Windows server, you must have the following specifications available:

Identity Bridge System Requirements

System Element    Requirement
CPU               1.4GHz
Memory            2GB
HDD               10GB
Network           10Mbps (Tested down to 1Mbps)
OS                Windows Server 2016 or higher
.NET 6.0          ASP.NET Core and .NET Desktop Runtime

Configure the Identity Bridge Agent Settings in RapidIdentity

  1. From the Configuration module, select Identity Bridge from the Systems menu.
  2. Click Add Agent + either in the workspace or the upper right-hand action button.
  3. In the General Settings section, enter a Name and Description for the bridge.
    1. Select Enable Proxy to allow the configuration of the internet proxy connections if required by the local system service to connect to the internet.
  4. Click Save.
  5. Copy the Registration Code that appears in the information box at the top of the General Settings screen.

Important: This code is required when installing the agent software.

Download and Install .NET 6.0 framework from Microsoft

The on-premise server must support the .NET 6 framework before the Identity Bridge Agent is installed. Follow the instructions below to download and install .NET 6 from Microsoft, which includes both the ASP.NET Core Runtime and the .NET Desktop Runtime.

  1. ASP.NET Core Runtime
    1. From the local server go to the Microsoft .NET download page.
    2. Download and run the ASP.NET Core Runtime x64 installer.
    3. Once you agree to the license terms and conditions, click "Install".
    4. After the install completes, you will receive confirmation that it was successful.
  2. .NET Desktop Runtime
    1. Download and run the .NET Desktop Runtime x64 installer.
    2. You will receive confirmation when the install is complete.

Install the Identity Bridge Agent Service on the Local Server

Note
No inbound ports are required to be opened for the Identity Bridge agent installed on-premises. The only outbound port that needs to be allowed through firewalls for the agent is TCP 443.

In addition, we recommend applying best practices for administering a Windows member server.

These include, but are not limited to:
  1. Restricting local and remote access to only administrators of the solution.
  2. Using firewalls on the computer to limit inbound and outbound communication to only the necessary components.
  3. Applying machine intrusion detection and prevention solutions to prevent file tampering.
  4. Capturing and reviewing the audit logs on the computer and looking for sensitive events.


  1. From the Configuration module, select Identity Bridge from the Systems menu.
  2. Click Download Installer from the action buttons at the bottom of the screen to download the RapidIdentity Identity Bridge Agent to your local server. You can also download the Installer via the link below.
  3. Locate the download on the local server and run IdentityBridgeAgent.exe.
  4. The Identity Bridge Agent Setup Wizard will launch.
  5. Click Install.
  6. In Tenant Information, enter the Tenant URL and Registration Code. The Registration Code will match the code provided in Step 5 of the "Configure the Identity Bridge Agent Settings in RapidIdentity" section.
  7. Click Next.
  8. Click Finish.
    Note: The connection should now be established with the RapidIdentity Identity Bridge Agent.
  9. Return to the Identity Bridge section in the Configuration Module. The newly added Agent tile in the workspace will display the connection status.
  10. If a "Heartbeat" status was returned, the connection is successful.

Add a Bridge in RapidIdentity to Provide Access to an On-premise Resource

  1. From the Configuration module, select Identity Bridge from the Systems menu.
  2. Click Details from the recently added agent tile.
  3. In the Agent Details, scroll down to the Bridges section. After the Agent has been successfully installed, the option to Add Bridge is now available.
  4. Click Add Bridge and enter the Name, On-Premise Host IP address, and On-Premise Port information in the Add Bridge details.
    Example: If I am trying to connect to an Active Directory DC with an IP Address of 1.2.3.4 on port 636, then I would use the following settings when adding the bridge: Name: active-directory. On-Premise Host/IP: 1.2.3.4. On-Premise Port: 636.

  5. The On-Premise Host IP address and the On-Premise Port are specified as seen from the system on which the Agent is installed. For example, if the service being bridged is a database that is accessible from the Agent server as "database.local" on port 5432, then choose those values.
  6. Click Save.
  7. The ability to test or delete the bridge will become available after the bridge is successfully deployed. There are several available statuses:
    1. Deploying: Initial status when the bridge is first saved
    2. Deployed: The status after the bridge is successfully deployed
    3. Destroying: The status while the bridge is being removed from the list
  8. After the bridge has been successfully deployed, select the bridge from the Bridges list and click Test Bridge.
  9. The successfully created bridge will register the configuration information in the Test window.
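
To check a deployed agent against the network profile stated in the installation note (no inbound ports, outbound TCP 443 only), the following added example, which is not vendor code, classifies the TCP sockets of every process running from the agent folder. It assumes the agent's processes run from a path containing `\Identity Automation\Identity Bridge Agent\` and that connections from the agent to the configured on-premise bridge targets are expected; `$BridgeTargets` defaults to this guide's example bridge.

```powershell
param(
    # Bridge targets as "host:port" (IPv4 address or DNS name), copied from the
    # Add Bridge details. The default is the example bridge used in this guide.
    [string[]] $BridgeTargets = @('1.2.3.4:636')
)

# Assumption: every agent process runs from the folder named in this guide.
$agentPids = @(Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath -like '*\Identity Automation\Identity Bridge Agent\*' } |
    Select-Object -ExpandProperty ProcessId)
if ($agentPids.Count -eq 0) {
    throw 'No running process found under the Identity Bridge Agent folder.'
}

# Expand each target to "ip:port", because socket tables show addresses, not names.
$allowed = @(foreach ($t in $BridgeTargets) {
    $name, $port = $t -split ':', 2
    [System.Net.Dns]::GetHostAddresses($name) |
        ForEach-Object { '{0}:{1}' -f $_.IPAddressToString, $port }
})

$findings = foreach ($c in Get-NetTCPConnection -ErrorAction SilentlyContinue) {
    if ($agentPids -notcontains $c.OwningProcess) { continue }
    $remote  = '{0}:{1}' -f $c.RemoteAddress, $c.RemotePort
    $verdict = if ($c.State -eq 'Listen') {
        # The guide states that no inbound ports are required.
        if ($c.LocalAddress -in '127.0.0.1', '::1') { 'REVIEW: loopback listener' }
        else { 'UNEXPECTED: listening on a reachable address' }
    }
    elseif ($c.RemotePort -eq 443)      { 'ok: outbound TCP 443' }
    elseif ($allowed -contains $remote) { 'ok: configured bridge target' }
    else                                { 'UNEXPECTED: remote endpoint' }

    [pscustomobject]@{
        ProcessId = $c.OwningProcess
        State     = $c.State
        Local     = '{0}:{1}' -f $c.LocalAddress, $c.LocalPort
        Remote    = $remote
        Verdict   = $verdict
    }
}

# UNEXPECTED rows sort to the top.
$findings | Sort-Object Verdict -Descending | Format-Table -AutoSize
```

Run it elevated so that executable paths and socket owners are visible for service processes. Any UNEXPECTED row is a reason to review the host firewall rules and the bridge configuration.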
