RSA Authentication Manager is the authentication, administration, and database management component of RSA SecurID, which provides strong authentication of users accessing valuable network resources. With Authentication Manager, you can deploy and manage RSA SecurID hardware and software tokens, administrators, users, and authentication agents.
Perform these tasks to get started with Authentication Manager:
Add security domains. All Authentication Manager objects, such as users and agents, are assigned to a security domain, which helps you to organize and manage your deployment. It also allows you to limit the scope of administrators' control by limiting the security domains they can access. Security domains are organized in a hierarchy.
For more information, see Security Domains.
Add an LDAP directory as an identity source. You can configure Authentication Manager to read user and group data directly from an LDAP directory. You can also add users to the internal database. For more information, see Add a User with Options to the Internal Database.
Add administrators. Administrators manage all aspects of your deployment, such as users and security domains. You can create different administrators with different permissions and areas of administrative responsibility, depending on your organization’s needs. To add a new administrator, you can assign a built-in administrative role to a user, or you can create a customized administrative role and assign it to a user. For more information, see Assign an Administrative Role and Add an Administrative Role.
Add password policies. Password policies define users’ password length, format, and frequency of change.
For more information, see Add a Password Policy.
Add token policies. Token policies determine RSA SecurID PIN lifetime and format, and fixed passcode lifetime and format. They are assigned to security domains and apply to all tokens assigned to users managed by a given security domain.
For more information, see Add a Token Policy.
Add lockout policies. Lockout policies define how many failed logon attempts users can make before their accounts are locked.
For more information, see Add a Lockout Policy.
Add risk-based authentication (RBA) policies. Required if you use RBA as a multifactor authentication solution to strengthen password-based authentication by incorporating knowledge of the client device and user behavior to assess the potential risk of an authentication request.
For more information, see Add a Risk-Based Authentication Policy.
Add a self-service troubleshooting policy. Required if you use the Self-Service Console. The self-service troubleshooting policy lets you set the number of times a user can unsuccessfully attempt to authenticate to the RSA Self-Service Console before the user's account is locked. Locked-out users can be re-enabled either by an administrator or automatically by the system after a specified time frame.
For more information, see Add a Self-Service Troubleshooting Policy.
Associate these policies with security domains. The policy that you select for the security domain overrides the default policy.