After the VMware Identity Manager appliance is configured as the authentication agent in the RSA SecurID server, you must add the RSA SecurID configuration information to the connector.
Prerequisites
- Verify that RSA Authentication Manager (the RSA SecurID server) is installed and properly configured.
- Download the compressed file from the RSA SecurID server and extract the server configuration file.
Procedure
- In the VMware Identity Manager console Identity & Access Management tab, select Set Up.
- On the Connectors page, select the Worker link for the connector that is being configured with RSA SecurID.
- Click Auth Adapters and then click SecurIDldpAdapter.
You are redirected to the identity manager sign in page.
- In the Authentication Adapters page SecurIDldpAdapter row, click Edit.
- Configure the SecurID Authentication Adapter page.
Information used and files generated on the RSA SecurID server are required when you configure the SecurID page.
Option |
Action |
Name |
A name is required. The default name is SecurIDldpAdapter. You can change this. |
Enable SecurID |
Select this box to enable SecurID authentication. |
Number of authentication attempts allowed |
Enter the maximum number of failed login attempts when using the RSA SecurID token. The default is five attempts.
Note: When more than one directory is configured and you implement RSA SecurID authentication with additional directories, configure
Number of authentication attempts allowed with the same value for each RSA SecurID configuration. If the value is not the same, SecurID authentication fails.
|
Connector Address |
Enter the IP address of the connector instance. The value you enter must match the value you used when you added the connector appliance as an authentication agent to the RSA SecurID server. If your RSA SecurID server has a value assigned to the Alternate IP address prompt, enter that value as the connector IP address. If no alternate IP address is assigned, enter the value assigned to the IP address prompt. |
Agent IP Address |
Enter the value assigned to the IP address prompt in the RSA SecurID server. |
Server Configuration |
Upload the RSA SecurID server configuration file. First, you must download the compressed file from the RSA SecurID server and extract the server configuration file, which by default is named sdconf.rec. |
Node Secret |
Leaving the node secret field blank allows the node secret to auto generate. It is recommended that you clear the node secret file on the RSA SecurID server and intentionally do not upload the node secret file. Ensure that the node secret file on the RSA SecurID server and on the server connector instance always match. If you change the node secret at one location, change it at the other location. |
- Click Save.
What to do next
Add the authentication method to the default access policy. Go to the Identity & Access Management > Manage > Policies page and edit the default policy rules to add the SecurID authentication method to the rule. See Managing Authentication Methods to Apply to Users.