IBM Security Access Manager 9.0 - Risk-Based Authentication Configuration - RSA Ready SecurID Access Implementation Guide

Document created by RSA Information Design and Development Employee on Jul 30, 2019
Version 1Show Document
  • View in full screen mode

This section describes how to integrate RSA SecurID Access with IBM Security Access Managerusing Risk Based Authentication.

Architecture Diagram

RSA Authentication Manager

To configure your RSA Authentication Manager for risk-based authentication with IBM Security Access Manager, you must create an agent host record and enable it for risk-based authentication in the RSA Authentication Manager Security Console. You will need to download the sdconf.rec and the risk-based authentication integration script for the appropriate device type to configure the agent. RSA Authentication Manager can integrate risk-based authentication with UDP-based or RADIUS agents only.

The latest risk-based authentication script template is at the following link.


Download this file and copy it to the following directory in your primary RSA Authentication Manager server.


Refer to RSA Authentication Manager Administrator's Guide for more information on RBA integration scripts.

Note:  The risk-based authentication script shows the IBM Security Access Manager version as 7.x, but it will work with version 9.x also.


IBM Security Access Manager

Perform these steps to configure IBM Security Access Manager  for risk-based authentication with RSA Authentication Manager for web reverse proxy.

Before you begin

Complete Authentication Agent Configuration for Web Reverse Proxy.


1. Log in to the local management interface of the appliance.

2. Browse to Secure Web Settings > Manage > Reverse Proxy.

3. Select the reverse proxy instance and click Manage > Management root.

4. On the Manage Reverse Proxy Management Root window, browse to Management > C.

5. Double-click tokenlogin.html file to open. Create <script> </script> HTML tags after closing </body> HTML tag, copy the contents of the am_integration.js file and add it as shown below and click Save.


<script type="text/javascript" language="Javascript">

*************Paste contents of am_integration.js here**************************


<script> window.onload=redirectToIdP(); </script>


6. Click Close.

7. Deploy changes.


Next Step: Proceed to the Use Case Configuration Summary section for information on how to apply the Risk-Based Authentication configuration to your use case.