To configure RSA Adaptive Authentication on the service, you enable RSA Adaptive Authentication, select the adaptive authentication methods to apply, and add the Active Directory connection information and certificate.

Prerequisites

  • RSA Adaptive Authentication correctly configured with the authentication methods to use for secondary authentication.
  • Details about the SOAP endpoint address and the SOAP user name.
  • Active Directory configuration information and the Active Directory SSL certificate available.

Procedure

  1. In the admin UI Configure Manually section, click Select.
  2. In the General Settings Authentication Settings section, click Show.
  3. Click the gearbox in the RSA Adaptive Authentication line.
  4. Select the appropriate settings for your environment.
    Note: An asterisk indicates a required field. The other fields are optional.
    | Option | Description |
    |---|---|
    | Enable RSA AA Adapter | Change NO to YES to enable RSA Adaptive Authentication. |
    | Name* | The name is rsaaa-auth. |
    | SOAP Endpoint* | Enter the SOAP endpoint address for integration between the RSA Adaptive Authentication adapter and the service. |
    | SOAP Username* | Enter the user name and password that are used to sign SOAP messages. |
    | SOAP Password* | Enter the RSA Adaptive Authentication SOAP API password. |
    | RSA Domain | Enter the domain address of the Adaptive Authentication server. |
    | Enable OOB Email | Select YES to enable out-of-band authentication that sends a one-time passcode to the end user by email. |
    | Enable OOB SMS | Select YES to enable out-of-band authentication that sends a one-time passcode to the end user by SMS text message. |
    | Enable SecurID | Select YES to enable SecurID. Users are asked to enter their RSA token and passcode. |
    | Enable Secret Question | Select YES if you are going to use enrollment and challenge questions for authentication. |
    | Number Enrollment Questions* | Enter the number of questions the user must set up when enrolling in the Authentication Adapter server. |
    | Number Challenge Questions* | Enter the number of challenge questions users must answer correctly to log in. |
    | Number of authentication attempts allowed* | Enter the number of times to display challenge questions to a user trying to log in before authentication fails. |
    | Type of Directory* | The only directory supported is Active Directory. |
    | Use SSL | Select YES if you use SSL for your directory connection. You add the Active Directory SSL certificate in the Directory Certificate field. |
    | Server Host* | Enter the Active Directory host name. |
    | Server Port | Enter the Active Directory port number. |
    | Use DNS Service Location | Select YES if DNS service location is used for the directory connection. |
    | Base DN | Enter the DN from which to start account searches. For example, OU=myUnit,DC=myCorp,DC=com. |
    | Bind DN* | Enter the account that can search for users. For example, CN=binduser,OU=myUnit,DC=myCorp,DC=com. |
    | Bind Password | Enter the password for the Bind DN account. |
    | Search Attribute | Enter the account attribute that contains the username. |
    | Directory certificate | To establish secure SSL connections, add the directory server certificate to the text box. In the case of multiple servers, add the root certificate of the certificate authority. |
    | Use STARTTLS | Change NO to YES to use STARTTLS. |
  5. Click Save.
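
A pre-flight check of the values planned for this form can catch an unprotected directory bind or a malformed certificate before you click Save. The following is an added example, not part of the product or of the original procedure: lint_settings() and SAMPLE are hypothetical names, the dictionary keys are the option labels from the table, and the rule that Use SSL and Use STARTTLS should not both be YES is an assumption about the directory connection, not a documented product constraint.

```python
import ssl

# Option labels come from the table above; lint_settings() and SAMPLE are hypothetical.
REQUIRED = ["Name", "SOAP Endpoint", "SOAP Username", "SOAP Password",
            "Number Enrollment Questions", "Number Challenge Questions",
            "Number of authentication attempts allowed",
            "Type of Directory", "Server Host", "Bind DN"]  # asterisked fields
METHODS = ["Enable OOB Email", "Enable OOB SMS", "Enable SecurID",
           "Enable Secret Question"]

def lint_settings(s):
    """Return a list of findings; an empty list means nothing was flagged."""
    yes = lambda k: str(s.get(k, "NO")).upper() == "YES"
    out = [f"missing required field: {k}" for k in REQUIRED
           if not str(s.get(k, "")).strip()]
    if yes("Enable RSA AA Adapter") and not any(yes(m) for m in METHODS):
        out.append("adapter enabled but no authentication method selected")
    # Assumption: implicit SSL and STARTTLS are alternatives, so only one is set.
    if yes("Use SSL") and yes("Use STARTTLS"):
        out.append("Use SSL and Use STARTTLS are both YES; pick one")
    if not (yes("Use SSL") or yes("Use STARTTLS")):
        out.append("no SSL or STARTTLS: Bind Password is sent in clear text")
    pem = str(s.get("Directory certificate", "")).strip()
    if yes("Use SSL") and not pem:
        out.append("Use SSL is YES but Directory certificate is empty")
    elif pem:
        try:
            # Checks PEM framing and base64 only, not X.509 validity or trust.
            ssl.PEM_cert_to_DER_cert(pem)
        except ValueError as e:  # binascii.Error is a ValueError subclass
            out.append(f"Directory certificate is not valid PEM: {e}")
    return out

# Constructed sample values (placeholders, not a real deployment).
SAMPLE = {
    "Enable RSA AA Adapter": "YES", "Name": "rsaaa-auth",
    "SOAP Endpoint": "https://aa.example.com/soap", "SOAP Username": "soapuser",
    "SOAP Password": "PLACEHOLDER", "Enable OOB Email": "YES",
    "Number Enrollment Questions": "5", "Number Challenge Questions": "2",
    "Number of authentication attempts allowed": "3",
    "Type of Directory": "Active Directory", "Server Host": "ad.example.com",
    "Bind DN": "CN=binduser,OU=myUnit,DC=myCorp,DC=com",
    "Use SSL": "YES", "Directory certificate": "",
}

if __name__ == "__main__":
    for finding in lint_settings(SAMPLE):
        print("FINDING:", finding)
```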