Over a year ago, RSA proudly launched the RSA SecurID Access My Page user self-service portal. It is our cloud-hosted self-service portal designed to help users easily register and conveniently manage their own authentication devices without any help from the IT Help Desk. However, ease and convenience do not equate to a reduction in security. Utilizing our experience implementing user self-service features, we want to make sure that users do not end up being the weakest link. That is the vision for My Page, a place where users can securely register and manage their own authentication devices. This makes for Happy Users, and Even Happier Administrators.
Continue reading to find out how this is done in the RSA SecurID Access August 2019 Cloud Authentication Service Release.
Improvements and Additional Configuration Options for My Page
The goal of an application portal is to provide users with a centralized place to access the applications needed on a daily basis, while at the same time allowing admins to control which applications users can access. This boosts user productivity when using multiple applications daily and increases security by governing the use of corporate applications.
Customers now have the flexibility to provide access to RSA SecurID Access My Page through third-party application portals of their choice, including the RSA SecurID Access Application portal. This makes it even easier for users to find My Page when managing their own authentication devices.
Additional My Page options are now available, such as setting the destination page users go to after signing out of My Page or when they encounter an error. This allows users to stay within the same corporate virtual environment after managing their devices and to easily get help when needed.
Improved Single Sign-On Option When Adding a Service Provider
One way to promote usability and ease of use is to ensure a consistent look and feel across applications deployed within the organization. This is especially important for basic tasks such as the user authentication required before using each application, because a user can potentially authenticate to as many as 10 different applications during a typical workday.
Admins also have concerns about user credentials being submitted outside of the corporate network. This is due to the possibility of the user's traffic being intercepted or even keylogging malware being installed on remote machines. The concern is even greater with self-service registered device management features, which are designed to let users manage their devices anywhere and anytime.
To promote ease of use and increase security posture, customers can now use their own cloud identity provider as the primary authentication option for My Page. At the same time, admins can also be assured that all My Page user credentials are securely submitted for authentication. This is achieved by enabling the new SAML-based, IdP-initiated option for My Page user authentication.
Now, users can easily authenticate to My Page with the same look and feel as other corporate apps they use daily. At the same time, credentials are securely submitted within a controlled, trusted corporate network that is handled by a service external to RSA that may very well be firewall-protected.
IT Help Desk Assisted Secure Device Registration
No matter how well a self-service feature is designed, some may still offer an admin-assisted device registration option. Don't forget, registration issues may still happen, and users still end up calling their IT Help Desk for further assistance. Since one of the goals of My Page is to help users register their own devices, only the user, and not the admin, has access to the information needed for device registration. The user could screen-share their desktop with the admin during the help call; however, there should be an easier way to do this.
Admins can generate a code with a click of a button in the User Management section of the Cloud Administration Console. Admins can then provide this code to users over the phone. This can be used as part of an admin-assisted device registration process and even during registration troubleshooting because the generated one-time-use code is valid for a limited amount of time.
Additional Deployment Option for Windows
We are aware that some customers are restricting users from getting Windows Apps through the Microsoft Store. Instead, they prefer that these apps be distributed centrally, similar to how it is traditionally done with other Windows apps in use today. Admins can now use Deployment Image Servicing and Management (DISM) to deploy the app from a command-line tool. After the app is deployed, users can then complete RSA SecurID Authenticate device registration.
For more information on these and other new features in the August 2019 RSA SecurID Access release, see the August 2019 Release Notes.