RSA Authentication Manager Identity Sources

Document created by RSA Information Design and Development on Jun 13, 2017. Last modified by RSA Information Design and Development on Jun 13, 2017.
Version 2

An identity source is a repository that contains user and user group data. Each user and user group in a deployment is associated with an identity source.

Authentication Manager supports the following as identity sources:

  • An LDAP directory

    Authentication Manager supports the following directories as identity sources:

    • Microsoft Active Directory 2008 R2

    • Microsoft Active Directory 2012

    • Microsoft Active Directory 2012 R2

    • Microsoft Active Directory Lightweight Directory Services 2012 R2

    • Sun Java System Directory Server 7.0

    • Oracle Directory Server Enterprise Edition 11g

    • OpenLDAP 2.4.40

    In Active Directory, you can add a Global Catalog as an identity source when some or all of the Active Directory servers in the Active Directory forest are used as identity sources. In such a case, you can use the Global Catalog for runtime activities, such as looking up and identifying users and resolving group membership within the Active Directory forest. You cannot use a Global Catalog identity source to perform administrative tasks.

    Note:  RSA Authentication Manager only supports Active Directory Lightweight Directory Services without domain controllers.

  • The Authentication Manager internal database

Data from an LDAP Directory

Authentication Manager has read-only access to all LDAP directory identity sources. After a directory is integrated with Authentication Manager, you can use the Security Console to do the following:

  • View (but not add or modify) user and user group data that resides in the directory.

  • Perform Authentication Manager administrative tasks. For example, enable or disable the use of on-demand authentication (ODA) and risk-based authentication (RBA), or assign tokens or user aliases to individual users who reside in the directory.

You must use the LDAP directory native user interface to modify data in a directory.

Data from the Internal Database

Authentication Manager provides an internal database where you can create users and user groups. For users and user groups in the internal database, administrators can use the Security Console to do the following:

  • Add, modify, and view user and user group data.

  • Enable or disable Authentication Manager functions, such as ODA and RBA, for individual users, including users whose accounts are in an LDAP directory.

The following information is stored only in the internal database:

  • Data that is specific to Authentication Manager, such as policies for administrative roles, and records for authentication agents and SecurID authenticators

  • Data that links Authentication Manager with LDAP directory user and user group records

 

 

