000033920 - How to turn off or disable the RSA SecurID Access Portal

Document created by RSA Customer Support Employee on Nov 2, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 3

Article Content

Article Number: 000033920
Applies To: RSA Product Set: SecurID Access
RSA Product/Service Type: Cloud
 
Issue

There is a requirement to limit access to the RSA SecurID Access portal for some or all users, and only allow applications to be accessed through each application-specific URL.
Tasks

You can limit login to the Portal by IP address or other criteria, similar to what can be done per application. For example, you could limit access so that only your company's private IP addresses are allowed to log in. For more information, see Portal Multifactor Authentication Policy. You can set IP restrictions in Access policy. A login attempt by a user who is denied by policy results in the message "Access Denied. Contact your administrator" on the login page, and the login is not allowed.
Alternatively, you can allow a Portal login but limit which applications are displayed in the Portal. Refer to Application Availability and Visibility. If no applications are displayed in the Portal, or if a user is denied access to all applications, then a login to the Portal is allowed, but no applications are shown. Instead, the message "You are not permitted to access any applications. Contact your administrator." is displayed.
Blocking access to the Portal login page entirely must be done on your company's network, outside of SecurID Access, using a URL filtering device such as a Web Application Firewall. Bear in mind that redirect URLs used during single sign-on (SSO) include the Portal domain name, so access to the Portal domain name cannot be blocked entirely; certain URL patterns will need to be allowed.
 

Resolution

There is no RSA SecurID Access configuration option to disable the Portal entirely. The URL for it is always available.
The Portal does not display all applications to all users. Only those to which the signed-in user has access, optionally with some step-up authentication, are displayed. Note that the ability to log in to the Portal does not allow a user to access an application for which they do not have an entitlement.
In addition to displaying the applications the user has rights to log in to, the Portal also:
  • Provides online help
  • Allows Portal password changes (The Change Password menu option is under the user ID when the user is signed in).
  • Allows some application passwords to be changed (The Applications Settings menu option is available when the user is signed in).
  • Optionally provides Administrator Contact information, such as for your company's IT help desk.
