Overview of requirements after a clean installation of RSA Authentication Manager 7.0: 1) Token seed records imported into the RSA Authentication Manager Please refer to page 64 in the RSA Authentication Manager 7.0 Administrator?s Guide ? Importing Token Records
2) User account in RSA Authentication Manager 7.0 ? migration, LDAP source or adding users to the internal database Please refer to page 11, Chapter 1: Preparing RSA Authentication Manager for Administration in the RSA Authentication Manager 7.0 Administrator?s Guide. Refer to page 24 to add a user to the internal database with the RSA Security Console.
3) Assigning a token to a user account Please refer to page 65 in the RSA Authentication Manager 7.0 Administrator?s Guide ? Assigning and Unassigning Hardware Tokens or page 67 for Assigning, Unassigning and Issuing Software Tokens
4) Authentication Agent configured in RSA Security Console For this solution we will assume the RSA Authentication Agent for Windows has been installed on the same system as RSA Authentication Manager 7.0 software. Please refer to knowledge article ?How to add the RSA Authentication Manager Primary as an Agent Host on Authentication Manager 7.0? to configure the Authentication Agent in the RSA Security Console. ** At this point a user has been created and assigned a token. A standard authentication agent has been added to the internal database, enabled, and configured where all users can access it. ** 5) Test Access In the RSA Security Console, click Access > Test Access Enter the name of the Authentication Agent Enter the User ID for the account previously created Click Test The test results displays whether the user is configured on the authentication agent. If the results say something like ?Yes, the user has been granted access to the authentication agent? then continue with a Test Authentication from the RSA Authentication Agent software.
6) Start the Activity Log monitor In the RSA Security Console, click Reporting > Real-time Activity Monitors > Authentication Activity Monitor In the new window, select relevant display results and click Start Monitor Note: Chapter 6 in the RSA Authentication Manager 7.0 Administrator?s Guide covers Logging and Reporting
7) Check the RSA Authentication Agent is authenticating to the RSA Authentication Manager 7.0 system. In the Windows Control Panel, click RSA Security Center icon > Configuration tab > Server Environment > click the Server Status button and check the server name and IP address are as expected.
8) Perform test authentication using RSA Authentication Agent In the Windows Control Panel, click RSA Security Center icon > Configuration tab > Authentication Test > Test button > choose the authenticator type and enter a user name and Passcode. Below is an example of a successful test authentication (where the assigned token was in new PIN mode) in the Authentication Activity Monitor. The Authentication Manager 7.0 system is called ?am70.local.net? with an IP address of 192.168.1.20 and the user is ?mbell? with an assigned token of ?0000nnnnnnnn?.
Authentication Activity Monitor results (minus the Time column) : Activity Key | Description | Reason | User ID | Agent | Server Node IP | Authentication attempted. | Authentication attempted for user ?mbell? in security domain ?SystemDomain? from ?SystemIS? identity source. Request originated from agent ?am70.local.net? with IP address ?192.168.1.20? in security domain ?SystemDomain? with protocol version ?SystemIS?. Authentication method: ?SecurID_Native?, Authentication policy exp: ??, Activation Group: ??, Token serial number: ?0000nnnnnnnn?, Alias: ?? | Authentication succeeded. | mbell | am70.local.net | 192.168.1.20 | Authentication attempted. | Authentication attempted for user ?mbell? in security domain ?SystemDomain? from ?SystemIS? identity source. Request originated from agent ?am70.local.net? with IP address ?192.168.1.20? in security domain ?SystemDomain? with protocol version ?SystemIS?. Authentication method: ?SecurID_Native?, Authentication policy exp: ??, Activation Group: ??, Token serial number: ?0000nnnnnnnn?, Alias: ?? | Authentication succeeded in new PIN mode | mbell | am70.local.net | 192.168.1.20 | PIN changed attempted. | User ?mbell? in security domain ?SystemDomain? from identity source ?SystemIS? attempted to change pin for token serial number ?0000nnnnnnnn?. | PIN change accepted. | mbell | am70.local.net | 192.168.1.20 |
For more information see the documentation on the DVD or online in RSA SecurCare Online: RSA Authentication Manager 7.0 Release Notes https://knowledge.rsasecurity.com/docs/rsa_securid/rsa_auth_mgr/70/rel_notes/index.html RSA Authentication Manager 7.0 Administrator's Guide https://knowledge.rsasecurity.com/docs/rsa_securid/rsa_auth_mgr/70/admin.pdf RSA Authentication Manager 7.0 Getting Started https://knowledge.rsasecurity.com/docs/rsa_securid/rsa_auth_mgr/70/getting_started.pdf RSA Authentication Manager 7.0 for Installation Guide https://knowledge.rsasecurity.com/docs/rsa_securid/rsa_auth_mgr/70/install.pdf RSA Authentication Manager 7.0 Planning Guide https://knowledge.rsasecurity.com/docs/rsa_securid/rsa_auth_mgr/70/planning.pdf |