Connectors & Backup Applications
      Back to home
      1. Bocada Cloud Support Portal
      2. Connectors & Backup Applications

      Which Rubrik Authentication Method Should I Use?

      Learn more about the different authentication methods to connect Bocada Cloud to your Rubrik system

      What Authentication Methods Does Bocada Support to connect to Rubrik?

      Bocada supports three authentication methods offered by Rubrik to connect to the REST API to collect backup data:

      1. Bearer Token
      2. API Token
      3. Rubrik Security Cloud (RSC) service account 

      Starting with Rubrik version 9.4: API authentication must use a client id and secret tied to a Service account created in Rubrik Security Cloud (RSC) to authenticate with cluster APIs.

      Basic authentication (username and password) is less secure than other authentication methods and is no longer supported by Rubrik as a way to connect to its API.

      Bearer Token authentication

      Bearer Token requires user credentials, and Bocada users a Bearer Token derived from those credentials in the API call headers to authenticate. 

      Note: Rubrik version 9.4.x and later, CDM API tokens are deprecated. Instead, use RSC Service Account authentication.

      API Token authentication

      To support MFA requirements governing access to Rubrik Clusters, you can use an API Token. As of the Rubrik 5.0 CDM release, sessions and API Tokens are globally available from any node within the cluster. Enter the API Token value into this field once you have configured it in Rubrik.

      Additional Reference to Rubrik API Token Authentication official documentation

      Note: Rubrik version 9.4.x and later, CDM API tokens are deprecated. Instead, use RSC Service Account authentication.

      RSC Service Account authentication

      Starting with Rubrik version 9.4, API authentication must use a Service Account from the Rubrik Security Cloud (RSC). Bocada uses a Bearer Token derived from those credentials in the API call headers to authenticate. You can refer to Rubrik's documentation for more details. 

      Adding a Service Account in Rubrik Security Cloud

      1. Log in to Rubrik.
      2. Open the app tray and select Settings. The Settings menu appears.
      3. Click Users and Access and select Service Accounts. The Service Accounts page appears.
      4. Click Add Service Account. The Service Account Details page appears.
      5. In Name, type a service account name.
      6. Optional: In Description, type a service account description.
      7. Click Next. The Roles page appears, displaying a list of available roles.
      8. Select the roles to be assigned to the service account.
      9. Click Add. Rubrik displays the Client ID, Client Secret, and the Access Token URI to be used by the client application that owns the service account.
      10. Copy the client credentials and the access token URL to use in Bocada Cloud, and click Done. Alternatively, click Download As JSON to download.

      Which Method Should I choose?

      You should choose the method that best fits your company's security policy. While we support multiple methods to connect to Rubrik for data collection, API Tokens expire and must be updated in the Bocada Cloud connection settings to maintain successful data collection. If you are using Rubrik version 9.4 or later, you must use the Rubrik Security Cloud authentication method. 

      If you have issues connecting to Rubrik after trying one or more of these authentication methods, create a Support Ticket in Bocada Cloud, or contact us.