After Directories Management is configured as the authentication agent in the RSA SecurID server, you must add the RSA SecurID configuration information to the connector.

Prerequisites

  • Verify that RSA Authentication Manager (the RSA SecurID server) is installed and properly configured.

  • Download the compressed file from the RSA SecurID server and extract the server configuration file.

Procedure

  1. As a tenant administrator, navigate to Administration > Directories Management > Connectors.
  2. On the Connectors page, select the Worker link for the connector that is being configured with RSA SecurID.
  3. Click Auth Adapters and then click SecurIDldpAdapter.

    You are redirected to the identity manager sign-in page.

  4. On the Authentication Adapters page, in the SecurIDldpAdapter row, click Edit.
  5. Configure the SecurID Authentication Adapter page.

    Information used and files generated on the RSA SecurID server are required when you configure the SecurID page.

    | Option | Action |
    |---|---|
    | Name | A name is required. The default name is SecurIDldpAdapter. You can change this name. |
    | Enable SecurID | Select this box to enable SecurID authentication. |
    | Number of authentication attempts allowed | Enter the maximum number of failed login attempts allowed when using the RSA SecurID token. The default is five attempts. |
    | Connector Address | Enter the IP address of the connector instance. The value you enter must match the value you used when you added the connector appliance as an authentication agent to the RSA SecurID server. If your RSA SecurID server has a value assigned to the Alternate IP address prompt, enter that value as the connector IP address. If no alternate IP address is assigned, enter the value assigned to the IP address prompt. |
    | Agent IP Address | Enter the value assigned to the IP address prompt in the RSA SecurID server. |
    | Server Configuration | Upload the RSA SecurID server configuration file. First, you must download the compressed file from the RSA SecurID server and extract the server configuration file, which by default is named sdconf.rec. |
    | Node Secret | Leaving the node secret field blank allows the node secret to be generated automatically. It is recommended that you clear the node secret file on the RSA SecurID server and intentionally not upload the node secret file. Ensure that the node secret file on the RSA SecurID server and on the server connector instance always match. If you change the node secret at one location, change it at the other location. |

  6. Click Save.

What to do next

Add the authentication method to the default access policy. Navigate to Administration > Directories Management > Policies, click Edit Default Policy, and add the SecurID authentication method to the policy rule in the correct authentication order.