RSA Ready SecurID Access Implementation Guide for Microsoft Outlook on the web 2016

Document created by RSA Information Design and Development on Apr 29, 2019Last modified by RSA Link Admin on Aug 2, 2019
Version 2Show Document
  • View in full screen mode

Microsoft Corporation

Outlook on the web 2016

Solution Summary

Use Case

When integrated, Microsoft Outlook on the web end users must authenticate with RSA SecurID Access to sign in. Microsoft Outlook on the web can integrate using RSA Authentication Agent for Web: IIS or RSA Authentication Agent for AD FS.

 

Integration Types

RSA Authentication Agent for Web: IIS allows you to protect selected web pages with RSA SecurID. The Web Agent software, residing on a web server (agent host), intercepts all user requests for protected web pages. When a user attempts to access a URL that RSA SecurID protects, the Web Agent requests the user name and passcode (which consists of an RSA SecurID PIN and the tokencode from the user’s authenticator) and passes them to RSA Authentication Manager for authentication. If the authentication is successful, the Web Agent stores the information in a cookie in the user’s browser. As long as the cookie remains valid, the user is granted access to protected web pages.

Visit the RSA Authentication Agent for Web: IIS page on RSA Link for documentation and downloads.

RSA Authentication Agent for AD FS is authentication software that connects your Microsoft Active Directory Federation Services (AD FS) server to RSA SecurID Access using the REST protocol to provide multifactor authentication capabilities for AD FS. When a user attempts to access an AD FS-protected resource, the user enters username and password credentials for primary authentication. Agent for AD FS then prompts the user to complete one or more additional authentication methods, depending on the configured authentication mode.

Agent for AD FS supports these authentication modes:

  • RSA Authentication Manager. Connects the agent to an existing RSA Authentication Manager instance in your deployment, making the SecurID Token method available for user authentication. You use the Operations Console, Security Console, and Self-Service Console to manage identity sources, users, and tokens.
  • Cloud Authentication Service. Connects the agent to the RSA SecurID Access Cloud Authentication Service, making the Authenticate Tokencode, Approve, Device Biometrics, SMS Tokencode, and Voice Tokencode methods available. If Authentication Manager is integrated with the Cloud Authentication Service, RSA SecurID Token can also be used to authenticate in this mode. You use the Cloud Administration Console to manage identity sources, users, access policies, and authentication methods.

Visit the RSA Authentication Agent for AD FS page on RSA Link for documentation and downloads.

 

Supported Features

This section shows all of the supported features by integration type and by RSA SecurID Access component. Use this information to determine which integration type and which RSA SecurID Access component your deployment will use.

 

Microsoft Outlook on the web integration with RSA Cloud Authentication Service

                                                     
Authentication Methods

Web Agent

AD FS Agent

RSA SecurIDn/a
LDAP Passwordn/a
Authenticate Approven/a
Authenticate Tokencoden/a
Device Biometricsn/a
SMS Tokencoden/a
Voice Tokencoden/a
FIDO Tokenn/an/a

 

Microsoft Outlook on the web integration with RSA Authentication Manager

                            
Authentication Methods

Web Agent

AD FS Agent
RSA SecurID
On Demand Authentication
Risk-Based Authenticationn/a

 

                     
Supported
- Not supported
n/tNot yet tested or documented, but may be possible.
n/aNot applicable
 

Attachments

    Outcomes