To configure RSA Adaptive Authentication on the service, you enable RSA Adaptive Authentication, select the adaptive authentication methods to apply, and add the Active Directory connection information and certificate.
Prerequisites
- RSA Adaptive Authentication correctly configured with the authentication methods to use for secondary authentication.
- Details about the SOAP endpoint address and the SOAP user name.
- Active Directory configuration information and the Active Directory SSL certificate available.
Procedure
- In the VMware Identity Manager console Identity & Access Management tab, select Setup.
- On the Connector page, Workers column, select the link for the connector that is being configured.
- Click Auth Adapters and then click RSAAAldpAdapter.
You are redirected to the identity manager authentication adapter page.
- Click the Edit link next to the RSAAAldpAdapter.
- Select the appropriate settings for your environment.
Note: An asterisk indicates a required field. The other fields are optional.
| Option | Description |
|---|---|
| *Name | A name is required. The default name is RSAAAldpAdapter. You can change this name. |
| Enable RSA AA Adapter | Select the check box to enable RSA Adaptive Authentication. |
| *SOAP Endpoint | Enter the SOAP endpoint address for integration between the RSA Adaptive Authentication adapter and the service. |
| *SOAP Username | Enter the user name and password that are used to sign SOAP messages. |
| RSA Domain | Enter the domain address of the Adaptive Authentication server. |
| Enable OOB Email | Select this check box to enable out-of-band authentication that sends a one-time passcode to the end user via an email message. |
| Enable OOB SMS | Select this check box to enable out-of-band authentication that sends a one-time passcode to the end user via an SMS text message. |
| Enable SecurID | Select this check box to enable SecurID. Users are asked to enter their RSA token and passcode. |
| Enable Secret Question | Select this check box if you are going to use enrollment and challenge questions for authentication. |
| *Number Enrollment Questions | Enter the number of questions the user will need to set up when they enroll in the Authentication Adapter server. |
| *Number Challenge Questions | Enter the number of challenge questions users must answer correctly to log in. |
| *Number of authentication attempts allowed | Enter the number of times to display challenge questions to a user trying to log in before authentication fails. |
| Type of Directory | The only directory supported is Active Directory. |
| Server Port | Enter the Active Directory port number. |
| Server Host | Enter the Active Directory host name. |
| Use SSL | Select this check box if you use SSL for your directory connection. You add the Active Directory SSL certificate in the Directory Certificate field. |
| Use DNS Service Location | Select this check box if DNS service location is used for directory connection. |
| Base DN | Enter the DN from which to start account searches. For example, OU=myUnit,DC=myCorp,DC=com. |
| Bind DN | Enter the account that can search for users. For example, CN=binduser,OU=myUnit,DC=myCorp,DC=com. |
| Bind Password | Enter the password for the Bind DN account. |
| Search Attribute | Enter the account attribute that contains the username. |
| Directory certificate | To establish secure SSL connections, add the directory server certificate to the text box. In the case of multiple servers, add the root certificate of the certificate authority. |
- Click Save.
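An added example, not part of the VMware documentation or product: a check you can run on the directory values from the table above before clicking Save. It assumes the certificate is pasted as PEM text, that the adapter performs an LDAP simple bind, and that challenge questions cannot exceed enrollment questions; `lint`, `split_dn` and the sample values are hypothetical.

```python
import re

# Constructed sample: keys mirror the field labels in the table above.
SAMPLE = {
    "Use SSL": False, "Server Port": 636,
    "Base DN": "OU=myUnit,DC=myCorp,DC=com",
    "Bind DN": "binduser",                      # a bare account name, not a DN
    "Directory certificate": "",
    "Number Enrollment Questions": 3, "Number Challenge Questions": 5,
}

# Shape check only: confirms PEM framing, not that the certificate is valid.
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+[A-Za-z0-9+/=\s]+?-----END CERTIFICATE-----")
# Well-known Active Directory ports and whether they carry TLS.
TLS_PORTS = {389: False, 3268: False, 636: True, 3269: True}

def split_dn(dn):
    """Split on unescaped commas; return [] unless every RDN is attr=value."""
    rdns = [part.strip() for part in re.split(r"(?<!\\),", dn)]
    valid = all(re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*\s*=\s*\S.*", r) for r in rdns)
    return rdns if valid else []

def lint(cfg):
    """Return human-readable findings for the directory fields of the form."""
    findings = []
    for field in ("Base DN", "Bind DN"):
        if not split_dn(cfg[field]):
            findings.append(f"{field} is not a distinguished name")
    use_ssl, port = cfg["Use SSL"], cfg["Server Port"]
    # Assumption: the adapter does an LDAP simple bind with Bind DN and password.
    if not use_ssl:
        findings.append("Use SSL is off: the bind password is not protected in transit")
    elif not PEM_RE.search(cfg["Directory certificate"]):
        findings.append("Use SSL is on but no PEM certificate was supplied")
    if TLS_PORTS.get(port, use_ssl) != use_ssl:
        findings.append(f"Server Port {port} does not match the Use SSL setting")
    # Assumption: users cannot be challenged with more questions than they enrolled.
    if cfg["Number Challenge Questions"] > cfg["Number Enrollment Questions"]:
        findings.append("More challenge questions than enrollment questions")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print("FINDING:", finding)
```

The PEM check confirms framing only; it does not prove that the pasted certificate matches the directory server's chain.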
What to do next
Enable the RSA Adaptive Authentication auth method in the Built-in identity provider from the Identity & Access Management > Manage tab. See Using Built-in Identity Providers.
Add the RSA Adaptive Authentication auth method to the default access policy. Go to the Identity & Access Management > Manage > Policies page and edit the default policy rules to add Adaptive Authentication. See Managing Authentication Methods to Apply to Users.