IBM Security Access Manager 9.0 - Advanced Access Control Configuration - RSA Ready SecurID Access Implementation Guide

Document created by RSA Information Design and Development on Jul 30, 2019
Version 1Show Document
  • View in full screen mode

Follow the instruction steps in this section to apply your Authentication Agent configuration to IBM Security Access Manager Advanced Access Control.

 

Before you begin: Configure the integration type that your use case will employ. Refer to the Integration Configuration Summary section for more information.

Procedure

1. Log in to the local management interface of the appliance.

2. Browse to Secure Web Settings > Manage > Reverse Proxy.

3. Select the reverse proxy server instance that was added in prerequisites and click Manage > AAC and Federation Configuration > Authentication and Context Based Access Configuration.

4. On the Authentication and Context Based Access Configuration window,

  1. On the Main tab, click Next.

  1. On the AAC Runtime tab, enter password for easuser in Password field and click Next.

  1. On the Reuse Options tab, click Finish.

5. Deploy changes.

6. Next step is to configure Access Control policy to enable RSA SecurID authentication for a protected resource.

 

Configure Access Control Policy for RSA SecurID Authentication

The steps below show a simple procedure for configuring access control policy for enabling RSA SecurID authentication for accessing a protected resource. For complete details regarding configuring access control policies refer to IBM Security Access Manager documentation.

1. On the local management interface, browse to Secure Access Control > Policy > Access Control.

2. Click Create Policy symbol.

3. On the Policy page,

  1. Specify a name in the Name field.
  2. Under Rules section, select Unconditional rule from Add Rule drop-down list.

  1. For the new rule, select Permit with Authentication from the drop-down list.

  1. For Authentication option, select RSA One-time Password from the drop-down list.

  1. Click Save.

4. On the Access Control page, click Resources tab, Click Add Resource symbol.

5. On the Policy Server Login window, enter policy server administrator credentials and click Save.

6. On the Add Resource window,

  1. Select the proxy server instance from Proxy Instance drop-down list.
  2. For Protected Path, click Browse to browse and select the resource to protect.
  3. Click Save.

7. Click Attach.

8. On the Attach Polices window, under Policies section, select the policy created above and click Ok.

9. Click Publish to publish the policies.

 

Note:  For testing, create a user in Security Access Manager and try to access resource configured for advanced access control eg. https://vm2006.pe.rsa.net/index.html and authenticate using Security IBM Security Access Manager credentials and then using RSA SecurID credentials.

 

User Experience

                        
Authentication Agent
RSA SecurID Operation RSA SecurID Authentication Prompts
Sign-in
User-defined new PIN
Next tokencode

 

Head back to the main page for more certification related information.

 

Attachments

    Outcomes