RSA SecurID Access Rollout to Users

Document created by RSA Information Design and Development on Jul 14, 2016Last modified by RSA Information Design and Development on Sep 15, 2017
Version 18Show Document
  • View in full screen mode
 

After you finish setting up your RSA SecurID Access deployment, roll out RSA SecurID Access to your users. The rollout involves communicating information about the user experience, for example, the application portal for an SSO Agent deployment, the RSA SecurID Authenticate app, emergency access, and system requirements.

For a sample e-mail that you might use to communicate this information, see Sample Rollout Email for RSA SecurID Access Users .

 

Application Portal

Provide both the portal application URL and sign-in credentials (if applicable) to users.

                    
Item Description
URL  
  • If you are using the standard portal and have only one identity router, the application portal URL is the Portal Hostname that you specified when you added an identity router in the Cloud Administration Console. To see the hostname, edit the identity router.

    When users enter the portal hostname, RSA SecurID Access automatically redirects them to the application portal. For example, when users go to https://portal.sso.domain.com, RSA SecurID Access automatically redirects users to https://portal.sso.domain.com/WebPortal.

  • If you are using the standard portal and have a cluster of identity routers for high availability, the application portal URL is the Load Balancer DNS Name that you specified when you added a cluster. To see the name, edit the cluster.
  • If you are using the custom portal, the application portal URL is the Login Page that you specified when you configured custom portal settings in the Cloud Administration Console. To see the login page, edit the custom portal settings.
Sign-in credentials  

Instruct users to sign in with their user ID (username or e-mail address, depending on your configuration) and password. If you have configured Integrated Windows Authentication (IWA), RSA SecurID Access automatically authenticates eligible users to the application portal without prompting them for their username and password.

 

RSA SecurID Authenticate App

If you are using authentication methods available in the RSA SecurID Authenticate app, instruct users to install the RSA SecurID Authenticate from the Apple App Store, Google Play, or Microsoft Store and complete device registration on their devices. iOS users download the app directly to their devices or to iTunes and then synchronize to their devices. Android and Windows users download and install the app directly to their devices.

Note:   If your company uses SSL interception, iOS or Android users must complete device registration using cellular data or a Wi-Fi network not associated with your company. If users use corporate Wi-Fi, they will see an Untrusted Connection error message during device registration that instructs them to use cellular data or a different Wi-Fi network to continue.

Provide the following information to users to enter during device registration:

                    
Item Description
User ID User's email address in LDAP directory server (called User ID).
Company ID The Company ID is displayed in the Cloud Administration Console under My Account > Company Settings > Company Information.
Password User's password in LDAP directory server.

The Authenticate app on iOS and Android uses notifications to simplify the authentication process. A mobile app user can disable notifications but must perform an extra step to authenticate using a mobile authentication method. After the user sees the Contacting Your Mobile Device screen in the browser, the user must open the app or pull down on the top of the app to manually retrieve the notification to continue the authentication process.

Emergency Access

Instruct users what to do if they cannot use their preferred authentication methods. This situation may occur for a variety of reasons, for example, if the user lost an RSA SecurID token or FIDO token, or the user cannot locate the mobile phone where the RSA SecurID Authenticate app is registered, or the mobile phone cannot be charged. In such cases, several methods are available for emergency access, including SMS tokencode. See Emergency Access for more information.

 

 

You are here
Table of Contents > End User Rollout > RSA SecurID Access Rollout to Users

Attachments

    Outcomes