You can set up your environment to require that users log in with an RSA SecurID token. SecurID setup is supported only from the command line.
See the two vSphere Blog posts about RSA SecurID setup for details.
Note: RSA Authentication Manager requires that the user ID is a unique identifier that uses 1 to 255 ASCII characters. The characters ampersand (&), percent (%), greater than (>), less than (<), and single quote (`) are not allowed.
Prerequisites
- When configuring RSA SecurID, vCenter Single Sign-On (SSO) supports the use of User Principal Name (userPrincipalName attribute) as the user ID only when Integrated Windows Authentication (IWA) is configured as an identity source for RSA users.
- Verify that your environment uses Platform Services Controller version 6.5 or later, and that you use vCenter Server version 6.0 or later. Platform Services Controller version 6.0 Update 2 supports smart card authentication, but the setup procedure is different.
- Verify that your environment has a correctly configured RSA Authentication Manager and that users have RSA tokens. RSA Authentication Manager version 8.0 or later is required.
- Verify that the identity source that RSA Manager uses has been added to vCenter Single Sign-On. See Add or Edit a vCenter Single Sign-On Identity Source.
- Verify that the RSA Authentication Manager system can resolve the Platform Services Controller host name, and that the Platform Services Controller system can resolve the RSA Authentication Manager host name.
- Export the sdconf.rec file from the RSA Manager by selecting . Decompress the resulting AM_Config.zip file to find the sdconf.rec file.
- Copy the sdconf.rec file to the Platform Services Controller node.
Procedure
Results
If user name and password authentication is disabled and RSA authentication is enabled, users must log in with their user name and RSA token. User name and password login is no longer possible.
Note: Use the user name format userID@domainName or userID@domain_upn_suffix.
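Before password login is disabled, it helps to audit the login names users will type against the RSA user ID rules and the user name format stated on this page. The following is an added example, not VMware or RSA code; the function names and sample accounts are constructed for illustration, and it rejects both the backtick and the apostrophe because the note names a single quote but prints a backtick.

```python
# Added example: audit login names before user name and password login is turned off.

# Characters the note on this page lists as not allowed in an RSA user ID.
# Assumption: the page says "single quote" but prints a backtick, so both are rejected.
FORBIDDEN = set("&%><`'")
MAX_LEN = 255  # the page requires 1 to 255 ASCII characters


def check_user_id(user_id):
    """Return a list of problems with an RSA user ID (empty list means OK)."""
    problems = []
    if not 1 <= len(user_id) <= MAX_LEN:
        problems.append("length %d is outside 1-%d" % (len(user_id), MAX_LEN))
    if not user_id.isascii():
        problems.append("contains non-ASCII characters")
    bad = sorted(FORBIDDEN.intersection(user_id))
    if bad:
        problems.append("contains forbidden characters: " + " ".join(bad))
    return problems


def check_login_name(login):
    """Check a login of the form userID@domainName or userID@domain_upn_suffix."""
    # Split on the last '@' so the domain part is always the final component.
    user_id, sep, domain = login.rpartition("@")
    if not sep:
        return ["missing @domain part"]
    if not domain:
        return ["empty domain part"]
    return check_user_id(user_id)


def audit(logins):
    """Map each failing login name to its list of problems."""
    report = {}
    for login in logins:
        problems = check_login_name(login)
        if problems:
            report[login] = problems
    return report


if __name__ == "__main__":
    # Constructed sample input, not real accounts.
    sample = ["alice@example.test", "bob&ops@example.test",
              "jörg@example.test", "carol", "@example.test"]
    for login, problems in audit(sample).items():
        print(login, "->", "; ".join(problems))
```

Accounts that appear in the report cannot authenticate with a token as written, so resolve them before user name and password login is switched off.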