
Seamless access to RSA My Page for self-service

To make it easier for end users to enroll and manage their RSA Authenticate App, we have enabled single sign-on (SSO) support to RSA My Page from an external IdP. In addition, you can also add your company logo for display during self-service. These two features allow seamless access for end users and provide a consistent user-branded experience.

 

 

Important: Upcoming Cloud Authentication Service IP Address Changes

To align with Microsoft Azure Resource Manager deployment model changes, the Cloud Authentication Service and Cloud Administration Console IP addresses will be changing in September 2019. Your deployment must be able to connect to both new and old IP addresses in September 2019.

 

RSA recommends that you start planning with your organization now to make the necessary changes to connect to these new IP addresses. If you do not update your firewall rules with the new IP addresses, your identity routers will not be able to contact the Cloud Authentication Service and services will be disrupted. For details, see Notice of Upcoming Cloud Authentication Service IP Address Changes.

 

For further details on all the new and updated capabilities of the June release, please refer to the Release Notes here:  RSA SecurID® Access Release Notes: Cloud Authentication Service and RSA SecurID Authenticate App 

 

All these enhancements make RSA SecurID® Access an even more convenient, pervasive and intelligent solution for your authentication needs.

(Authored by Steve Schlarman, Portfolio Strategist, RSA)

 

It was Mark’s big shot.  He finally had a meeting with Sharon, the CIO.  Her schedule was so busy it was legendary and for her to spend time with a risk analyst was a clear indicator she recognized the new challenges facing their company.  Although he only had 15 minutes, Mark was prepared - notepad at the ready, brimming with nervous energy.   After some brief chit-chat he got down to business – ready to drill into a conversation about their company’s biggest obstacles; the most impactful concerns; the top of mind issues; the coup de grace that could spell disaster for the organization.  He took a deep breath and went to his big money question… ‘So, what keeps you up at night? What are you worried about?’ 

 

Sharon beamed.  She spun around to her white board and spewed a litany of projects fueling their company’s digital transformation – an IoT project, the SalesForce.com implementation, a massive VMWare migration and their hybrid cloud, the new employee work-at-home program, the impending customer mobile portal…

While that question got Sharon started, let’s think about this a bit differently.

 

With all the benefits the new digital world offers, there are a host of risks that must be managed.   The major areas of risk remain the ‘usual suspects’ such as security, compliance, resiliency, inherited risks from third parties and operational risk. However, digital business amplifies uncertainty for organizations today.  For example:

  • Digital business, by its very nature, increases the threat of cyber incidents and risks around your intellectual property and customer data.
  • The expanded connectivity and expectations of the ‘always on’ business stress the importance of resiliency.
  • Business has evolved into an ecosystem of internal and external services and processes leading to a complex web of ‘inherited’ risks.
  • The disappearing perimeter and digital workforce are challenging how organizations engage their customers and employees.

 

Factors such as these are why digital initiatives are forcing organizations to rethink and increasingly integrate their risk and security strategies. 

 

The objective for today’s risk professional is not just about defending against the bad.  Just like Mark discussing the parade of initiatives with Sharon that clearly impact their company’s future, you must be ready to help usher in a new age of digital operations.  Merely riding the buzzword wave - IoT, social media, big data analytics, augmented reality… - is not enough. 

 

You must look at opportunities to enable innovation in your business while building trust with your customers and throughout your enterprise.  Your business must be comfortable with embracing risk and aggressively pursuing market opportunities offered by new technology.  To do that, risk associated with the use of emerging or disruptive technology in transforming traditional business processes needs to be identified and assessed in the context of fueling innovation.   You also must keep focus on the negative side of risk.  Your business today demands an open, yet controlled, blend of traditional and emerging business tactics.  You must help manage the ongoing risk as these transformed business operations are absorbed into the organization fully, i.e. the new model becomes the normal model of doing business.

 

Risk is, by definition, uncertainty.  Everyone is concerned about uncertainty in today’s world.  However, if we go back to the simple equation (risk = likelihood * impact), risk should be something we can dissect, understand, and maybe even calculate.   While you are helping your organization embrace the advantages (positive risk) of technologies like IoT, data analytics, machine learning and other emerging digital enablers, the volatile, hyperconnected nature of digital business amplifies the negative side of risk.  It is anxiety about the unknown that leads us into that executive conversation, but it shouldn’t lead to worry.

 

Worry is about fear.  Your executives shouldn’t be afraid in today’s world.   They should have informed concerns.  And you – as the security or risk person in the room – should be feeding insights to raise their visibility of the likelihood of events and diminish their distress on the negative impacts.  Risk is part of riding the waves of business opportunities.

Risk is not something you should WORRY about…  it is something you should ACT on.

***********

To learn more about digital risk management, click on our new Solutions Banners located in the right-hand column of each RSA product page: Third Party Risk, Cloud Transformation, Dynamic Workforce, and Cyber Attack Risk.

Don't miss our upcoming June product webinar tomorrow - June 12th at 11 am EST. More details on the webinar content and registration are here: Don't Miss Our Upcoming June Product Webinar

 

As always we will record this session and post the replay back to RSA SecurID Access:  All Access Granted 

In the past few months we have had conversations with many of you, our RSA SecurID® Access customers, who currently use RSA SecurID Hardware or Software tokens, about your journey to modernize authentication. We have heard you uncover three major themes:

  1. You need a simple, convenient way to extend multifactor authentication (MFA) to more types of users across the organization. Users who are on the go and need a simple and modern MFA experience.

  2. You need a faster, less obtrusive way to enable MFA for your existing users with tokens accessing existing resources protected by RSA SecurID today.

  3. You need to extend authentication to additional access use cases such as SaaS applications and cloud infrastructure.

 

We love getting this kind of feedback from you because it helps us create solutions that can help you enable your business to grow securely.


In the upcoming June product release of RSA SecurID Access, an easy and efficient approach to adopting multi-factor authentication allows you to get faster time to value to achieve these goals, without needing to upgrade your existing authentication environment.

 

What's new?

Users can easily access existing resources protected by SecurID today, including Virtual Private Network (VPN), Windows Desktop log-in, Linux/Unix-based servers, etc., with modern authentication methods including Push to Approve.

 

How is that done?

RSA SecurID authentication agents intercept access requests from users and direct these requests to the RSA Authentication Manager server for authentication. Once the system verifies users, they are granted access.

 

What does it mean for the end-users accessing resources?

Users can access RSA SecurID agent-protected resources with a secure and convenient authentication experience by simply entering their existing RSA SecurID PIN and tapping Approve on their registered devices. Or they can enter One-Time Password (OTP) tokencodes generated by the RSA SecurID Authenticate application. There is no need to replace or update your existing agents or RSA Ready products, and users do not need to memorize a new PIN.

 

What do you need to do to set this up?

Administrators can leverage a new wizard directly from the RSA Authentication Manager (AM) Security Console to set up and configure secure connections between AM and the Cloud Authentication Service. Invite users from the AM Manage Users page to enroll and register for MFA. This not only saves many configuration steps but minimizes training costs by using the AM console that is well known by your administrators and dramatically reduces the time to deploy.

 

Better Help Desk management?

 

Help Desk Administrators have a unified view from AM User Dashboard to manage a mixed deployment of tokens / MFA from a single console. This will result in much faster resolution of user help desk calls.

 

Achieve Faster Compliance at a Lower Cost

 

Immediately, expand MFA to new use cases and new users. Enable new users to create a PIN + Approve from their mobile device, eliminate passwords and achieve compliance. Lower cost by enabling MFA for third party contractors and suppliers. For token renewals, leverage MFA and lower token provisioning costs.

The Birth of Portable Computing

Computing in the modern world has changed drastically. Gone are the yesteryears when computers were big machines the size of your closet that were not very portable. Today, users demand portable computing whenever and wherever. In the Enterprise, efficiency is key. IT organizations are now open to provisioning more mobile devices such as smartphones, laptops and even tablets. This enables employees to be that much more productive on the go and ensures they have reliable access to what they need; whenever, wherever.

 

Portable Computing Needs Untethered Security

IT organizations today recognize the need to secure these machines. However, what they fail to recognize is that these machines are often offline for many reasons. As an example, you need to log in to your Windows laptop quickly because you are late for a very important customer call. However, your laptop is offline when you try to log in; it is still trying to connect to the company network. Maybe you are getting updated reports periodically about an urgent issue because you are mid-flight towards a remote data center attempting to fix it. You want to be ready to go as soon as you land. However, your Windows tablet is offline because WiFi on board is not freely available. Better yet, you need to log in to your laptop quickly and email over a freshly signed Sales Order; all this to seal the deal before close of business. However, because you are onsite at that customer's office, your laptop is offline and has not connected to their Guest WiFi network at all.

 

These instances require you to log in first before establishing a network connection. You are effectively locked out of your machine if login while offline is not allowed. What then? Do we just create a backdoor Just-In-Case (a.k.a. Fail Open) login account? The answer cannot simply be "No Network, No Secure Login Needed" for these whenever-wherever-machines.

 

Convenient & Seamless Windows Login Untethered, The RSA Way

Introducing the All New RSA Multi-Factor Authentication (MFA) Agent for Microsoft Windows. This is our vision for users to securely and reliably log in to Windows machines in a way that is Convenient and Seamless, whether Online or Offline. Anyone can claim that their product is reliable. This is because if something goes wrong, they can depend on users easily getting online and even staying online reliably while standing still. The machines in the above examples are offline and cannot connect to the authentication server to complete authentication. However, the user cannot get the machine back online unless they can log in first. Good luck telling them to go to the nearest company office location just to log in again.

 

This agent is designed from the ground up with the strength of the RSA Authentication Agent for Microsoft Windows (a.k.a. Windows Agent) and the convenience and secure modern authentication options of the RSA SecurID Access Cloud Authentication Service (CAS), all to secure Windows workstation and server logins. It is not only the ability for users to authenticate with different modern authentication methods that makes this agent unique; it is the ability for users to log in, Online or Offline, to their machines with the same authentication device and the same login experience. Imagine having to log in multiple times a day and deciding which device to use for login all the time. You want convenient login and IT admins want secure login to your whenever-wherever-machines.

 

How RSA Does It... Better

The MFA Agent's Offline Authentication uses the Authenticate Tokencode, generated by the RSA SecurID Authenticate App. This is based on RSA's unique way of allowing tokencodes to be verified without network connectivity to the authentication server. What makes the MFA Agent's offline authentication even better than other solutions is the use of the same Authenticate Tokencode for both online and offline authentication. With our agent, an attacker cannot gain access to the machine console and malicious code cannot properly execute while the machine is offline. This is because most sensitive resources on an MFA Agent protected Windows machine require a valid Authenticate Tokencode. To top it off, if users choose to log in with an Authenticate Tokencode while online, they can also use the same device to generate an Authenticate Tokencode for login while offline.

 

This is what we do today with the classic Windows Agent using tokencodes generated by RSA's award-winning RSA SecurID tokens, deemed the Gold Standard for reliable and secure Offline Authentication. IT organizations cannot effectively secure and control a machine that is offline from an attacker that is either in front of the console, or already running as malicious code inside these machines. Large corporations and various governments globally have trusted it for many years to protect login to their most important Windows machines when offline; you can trust our MFA Agent to do the same for your whenever-wherever-machines.

 

Something Sweet For Servers Too

What about Windows Servers? Some equate non-portable Windows machines to never-offline-machines. What they learn is that servers can go offline due to something as simple as a patch gone wrong that un-assigns the server's IP address. Admins can only reconnect them to the network if they log in to the server first. A lot of products out there will allow servers to "Fail Open" as a solution or even force admins to create a backdoor login account as a backup. Why find this acceptable? Use the all new MFA Agent to reliably secure server logins when offline, just like the rest of your whenever-wherever-machines.

 

Summary

As you go about evaluating a secure Windows Login solution, make sure you ask yourself "What happens to login when the machine is offline?" You will find that you either have to give up on security or convenience or both. Now, you don't have to anymore. With RSA, organizations can empower users with Convenient & Seamless Windows Secure Authentication - Untethered. For end users, this is like having your cake and eating it too - no strings attached.

 
