If you create and distribute RSA SecurID software tokens to end users, users need enter only their PIN, rather than their PIN and a token code, to authenticate.
Setup Requirements
You can use Compressed Token Format (CTF) or dynamic seed provisioning, which is also called CT-KIP (Cryptographic Token Key Initialization Protocol), to set up an easy-to-use RSA authentication system. With this system, you generate a URL to send to end users. To install the token, end users paste this URL directly into Horizon Client on their client devices. The dialog box for pasting this URL appears when end users connect to a Connection Server instance with Horizon Client.
After the software token is installed, end users enter a PIN to authenticate. With external RSA tokens, end users must enter a PIN and the token code generated by a hardware or software authentication token.
The following URL prefixes are supported for end users that copy and paste the URL into Horizon Client when Horizon Client is connected to an RSA-enabled Connection Server instance:
- viewclient-securid://
- com.rsa.securid.iphone://
- com.rsa.securid://
For end users that install the token by tapping the URL, only the viewclient-securid:// prefix is supported.
For information about using dynamic seed provisioning or file-based (CTF) provisioning, see the Web page RSA SecurID Software Token for iPhone Devices at http://www.rsa.com/node.aspx?id=3652 or RSA SecurID Software Token for Android at http://www.rsa.com/node.aspx?id=3832.
Instructions to End Users
When you create a CTFString URL or CT-KIP URL to send to end users, you can generate a URL with or without a password or activation code. Send this URL to end users in an email that includes the following information.
- Instructions for navigating to the Install Software Token dialog box.
Instruct end users to tap External Token in the Horizon Client dialog box that prompts them for RSA SecurID credentials when they connect to a Connection Server instance.
- CTFString URL or CT-KIP URL in plain text.
If the URL has formatting on it, end users receive an error message when they try to use it in Horizon Client.
- Activation code, if the CT-KIP URL that you create does not already include the activation code.
End users must enter this activation code in a text box of the dialog box.
- If the CT-KIP URL includes an activation code, instruct end users that they need not enter a value in the Password or Activation Code text box in the Install Software Token dialog box.