000012341 - Testing authentication with RSA Authentication Manager 7.1

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 6Show Document
  • View in full screen mode

Article Content

Article Number000012341
Applies ToRSA Product Set: SecurID
RSA Product/Service Type:  Authentication Manager
RSA Version/Condition:  7.1
 
IssueThis article provides steps for testing authentication with RSA Authentication Manager 7.1.
Resolution

Requirements


This is an overview of requirements after a clean installation of RSA Authentication Manager 7.1.  


  1. Token seed records have been imported into the Authentication Manager server.  Please refer to page 78 in the RSA Authentication Manager 7.1 Administrator Guide (Importing Hardware and Software Token Records).
  2. User accounts have been migrated to RSA Authentication Manager 7.1 migration, either to an external identity source or to the internal database.  Please refer to page 15 of Chapter 1: (Preparing RSA Authentication Manager for Administration) in the Administrator Guide. Refer to page 30 to add a user to the internal database via the Security Console.
  3. Assigning a token to a user account.  Please refer to page 79 in the Administrator Guide (Assigning and Unassigning Hardware and Software Tokens).  Note if the token is supposed to be used with or without a PIN.
  4. An authentication agent record has been added to  the RSA Security Console.  Please refer to page 66 in the Administrator Guide (Creating an RSA Agent Record Using the RSA Security Console).

 At this point a user has been created and assigned a token, a standard authentication agent has been added to the internal database, enabled and configured where all users can access it. 


 


Test Access


 


  1. In the RSA Security Console, click Access > Test Access.
  2. Enter the name of the authentication agent created in step 4, above.
  3. Enter the User ID for the account created in step 2, above.
  4. Click Test.

The test results displays whether the user is configured on the authentication agent. If the results say something like Yes, the user has been granted access to the authentication agent then continue with a Test Authentication from the RSA Authentication Agent software.
 


Start the Activity Log Monitor


 


  1. In the RSA Security Console, click Reporting > Real-time Activity Monitors > Authentication Activity Monitor.
  2. In the new window, select relevant display results and click Start Monitor.  See Chapter 9 in the Admin Guide for more information on logging and reporting.
  3. Check that the authentication agent is authenticating to the RSA Authentication Manager 7.1 system.
  4. In the Windows Control Panel, click the RSA Security Center icon > Configuration > Server Environment.  
  5. Click the Server Status button and check the server name and IP address are as expected.

Perform a test authentication using RSA Authentication Agent


 


  1. In the Windows Control Panel, click the RSA Security Center icon > Configuration tab > Authentication Test.
  2. Click the Test button and choose the authenticator type and enter a user name created above.  In the Passcode text box, enter the digits displaying on the token and click OK
  3. Since this is a newly assigned token, it is in what is called New PIN Mode.  Based on how the token was assigned to the user in step 3 above, authentication is completed with or without a PIN.
  4. If the token is PINless, wait for the tokencode to roll to the next one and enter the displayed tokencode.
  5. If the token requires a PIN, enter a PIN at the prompt and click OK.  Follow the prompt to wait until the next tokencode is displayed on the token then enter the PIN followed by the tokencode to complete the authentication request.  Note that there are differences in how New PIN Mode works for hardware tokens vs. software tokens so please review the documentation.
  6. Below is an example of a successful test authentication (where the assigned token was in New PIN mode) in the Authentication Activity Monitor. The Authentication Manager 7.1 system is called am71.local.net with an IP address of 192.168.1.20 and the user is mbell with an assigned token of 0000nnnnnnnn.
  7. The  Authentication Activity Monitor results are shown below (minus the Time column) :


  

Activity Key


  

  

Description


  

  

Reason


  

  

User ID


  

  

Agent


  

  

Server Node IP


  

  

Authentication attempted.


  

  

Authentication attempted for user mbell in security domain SystemDomain from SystemIS identity source. Request originated from agent am71.local.net with IP address 192.168.1.20 in security domain SystemDomain with protocol version SystemIS. Authentication method: SecurID_Native, Authentication policy exp: , Activation Group: , Token serial number: 0000nnnnnnnn, Alias: 


  

  

Authentication succeeded.


  

  

mbell


  

  

am71.local.net


  

  

192.168.1.20


  

  

Authentication attempted.


  

  

Authentication attempted for user mbell in security domain SystemDomain from SystemIS identity source. Request originated from agent am71.local.net with IP address 192.168.1.20 in security domain SystemDomain with protocol version SystemIS. Authentication method: SecurID_Native, Authentication policy exp: , Activation Group: , Token serial number: 0000nnnnnnnn, Alias: 


  

  

Authentication succeeded in new PIN mode


  

  

mbell


  

  

am71.local.net


  

  

192.168.1.20


  

  

PIN changed attempted.


  

  

User mbell in security domain SystemDomain from identity source SystemIS attempted to change pin for token serial number 0000nnnnnnnn.


  

  

PIN change accepted.


  

  

mbell


  

  

am71.local.net


  

  

192.168.1.20


  

WorkaroundA realm administrator wants to check that a user can authenticate via the test authentication option found in RSA Authentication Agent for Windows software.
Legacy Article IDa40992

Attachments

    Outcomes