After the Unified Access Gateway appliance is configured as the authentication agent in the RSA SecurID server, you must add the RSA SecurID configuration information to the Unified Access Gateway appliance.

Prerequisites

  • Verify that RSA Authentication Manager (the RSA SecurID server) is installed and properly configured.
  • Download the compressed sdconf.rec file from the RSA SecurID server and extract the server configuration file.

Procedure

  1. In the admin UI Configure Manually section, click Select.
  2. In the General Settings Authentication Settings section, click Show.
  3. Click the gearbox in the RSA SecurID line.
  4. Configure the RSA SecurID page.
    Information used and files generated on the RSA SecurID server are required when you configure the SecurID page.
    Option Action
    Enable RSA SecurID Change NO to YES to enable SecurID authentication.
    *Name The name is securid-auth.
    *Number of Iterations Enter the number of authentication attempts that are allowed. This is the maximum number of failed login attempts when using the RSA SecurID token. The default is 5 attempts.
    Note: When more than one directory is configured and you implement RSA SecurID authentication with additional directories, configure Number of authentication attempts allowed with the same value for each RSA SecurID configuration. If the value is not the same, SecurID authentication fails.
    *External HOST Name Enter the IP address of the Unified Access Gateway instance. The value you enter must match the value you used when you added the Unified Access Gateway appliance as an authentication agent to the RSA SecurID server.
    *Internal HOST Name Enter the value assigned to the IP address prompt in the RSA SecurID server.

    *Server Configuration

    Click Change to upload the RSA SecurID server configuration file. First, you must download the compressed file from the RSA SecurID server and extract the server configuration file, which by default is named sdconf.rec.
    *Name Id Suffix Enter the nameId as @somedomain.com. Is used to send additional content such as domain name to the RADIUS server or the RSA SecurID server. For example, if a user logs in as user1, then [email protected] is sent to the server.