000025778 - Test Authentication with RSA Authentication Manager 7.0

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025778
Applies ToAuthentication Manager 7.0
Microsoft Windows
RSA Authentication Agent
Test Authentication
Test Access
IssueTest Authentication with RSA Authentication Manager 7.0
Resolution

Overview of requirements after a clean installation of RSA Authentication Manager 7.0:

 

1)       Token seed records imported into the RSA Authentication Manager

Please refer to page 64 in the RSA Authentication Manager 7.0 Administrator?s Guide ? Importing Token Records

2)       User account in RSA Authentication Manager 7.0 ? migration, LDAP source or adding users to the internal database

Please refer to page 11, Chapter 1: Preparing RSA Authentication Manager for Administration in the RSA Authentication Manager 7.0 Administrator?s Guide. Refer to page 24 to add a user to the internal database with the RSA Security Console.

3)       Assigning a token to a user account

Please refer to page 65 in the RSA Authentication Manager 7.0 Administrator?s Guide ? Assigning and Unassigning Hardware Tokens or page 67 for Assigning, Unassigning and Issuing Software Tokens

4)       Authentication Agent configured in RSA Security Console

For this solution we will assume the RSA Authentication Agent for Windows has been installed on the same system as RSA Authentication Manager 7.0 software. Please refer to knowledge article ?How to add the RSA Authentication Manager Primary as an Agent Host on Authentication Manager 7.0? to configure the Authentication Agent in the RSA Security Console.

 

** At this point a user has been created and assigned a token. A standard authentication agent has been added to the internal database,  enabled, and configured where all users can access it. **

 

5)       Test Access

In the RSA Security Console, click Access > Test Access

Enter the name of the Authentication Agent

Enter the User ID for the account previously created

Click Test

The test results displays whether the user is configured on the authentication agent. If the results say something like ?Yes, the user has been granted access to the authentication agent? then continue with a Test Authentication from the RSA Authentication Agent software.

6)       Start the Activity Log monitor

In the RSA Security Console, click Reporting > Real-time Activity Monitors > Authentication Activity Monitor

In the new window, select relevant display results and click Start Monitor

Note: Chapter 6 in the RSA Authentication Manager 7.0 Administrator?s Guide covers Logging and Reporting

7)       Check the RSA Authentication Agent is authenticating to the RSA Authentication Manager 7.0 system.

In the Windows Control Panel, click RSA Security Center icon > Configuration tab > Server Environment > click the Server Status button and check the server name and IP address are as expected.

8)       Perform test authentication using RSA Authentication Agent

In the Windows Control Panel, click RSA Security Center icon > Configuration tab > Authentication Test > Test button > choose the authenticator type and enter a user name and Passcode.

Below is an example of a successful test authentication (where the assigned token was in new PIN mode) in the Authentication Activity Monitor. The Authentication Manager 7.0 system is called ?am70.local.net? with an IP address of 192.168.1.20 and the user is ?mbell? with an assigned token of ?0000nnnnnnnn?.


Authentication Activity Monitor results  (minus the Time column) :

 

Activity Key

Description

Reason

User ID

Agent

Server Node IP

Authentication attempted.

Authentication attempted for user ?mbell? in security domain ?SystemDomain? from ?SystemIS? identity source. Request originated from agent ?am70.local.net? with IP address ?192.168.1.20? in security domain ?SystemDomain? with protocol version ?SystemIS?. Authentication method: ?SecurID_Native?, Authentication policy exp: ??, Activation Group: ??, Token serial number: ?0000nnnnnnnn?, Alias: ??

 

Authentication succeeded.

mbell

am70.local.net

192.168.1.20

Authentication attempted.

Authentication attempted for user ?mbell? in security domain ?SystemDomain? from ?SystemIS? identity source. Request originated from agent ?am70.local.net? with IP address ?192.168.1.20? in security domain ?SystemDomain? with protocol version ?SystemIS?. Authentication method: ?SecurID_Native?, Authentication policy exp: ??, Activation Group: ??, Token serial number: ?0000nnnnnnnn?, Alias: ??

 

Authentication succeeded in new PIN mode

mbell

am70.local.net

192.168.1.20

PIN changed attempted.

User ?mbell? in security domain ?SystemDomain? from identity source ?SystemIS? attempted to change pin for token serial number ?0000nnnnnnnn?.

PIN change accepted.

mbell

am70.local.net

192.168.1.20

 

For more information see the documentation on the DVD or online in RSA SecurCare Online:

 

RSA Authentication Manager 7.0 Release Notes

https://knowledge.rsasecurity.com/docs/rsa_securid/rsa_auth_mgr/70/rel_notes/index.html

 

RSA Authentication Manager 7.0 Administrator's Guide

https://knowledge.rsasecurity.com/docs/rsa_securid/rsa_auth_mgr/70/admin.pdf

 

RSA Authentication Manager 7.0 Getting Started

https://knowledge.rsasecurity.com/docs/rsa_securid/rsa_auth_mgr/70/getting_started.pdf

 

RSA Authentication Manager 7.0 for Installation Guide

https://knowledge.rsasecurity.com/docs/rsa_securid/rsa_auth_mgr/70/install.pdf

 

RSA Authentication Manager 7.0 Planning Guide

https://knowledge.rsasecurity.com/docs/rsa_securid/rsa_auth_mgr/70/planning.pdf

WorkaroundA realm administrator wants to check that a user can authenticate via the test authentication option found in RSA Authentication Agent for Windows software.
Legacy Article IDa37693

Attachments

    Outcomes