Welcome to the RSA SecurID® Access Cloud Only Trial. This trial lets you harness the power of RSA SecurID Access from end-user to administration and setup. You’ll be able to see how RSA can provide secure and convenient access to your users for any application, cloud to ground. Experience RSA SecurID Access's administrative policies, create and manage users, and perform modern mobile authentication like push to approve with the RSA SecurID Authenticate app in minutes. Then apply what you learn to add your own applications and users.
|Cloud Administration Console||A web-based interface for setup and daily management.|
|Cloud Authentication Service||Performs run-time authentication for protected resources.|
|RSA SecurID Authenticate app||User-downloadable app found in the Apple App Store, Google Play, or Microsoft Store used to register your devices.|
|A web-based application portal||Provides links to available applications.|
You also get four demo applications in the Cloud and four demo user accounts in the hosted LDAP directory server. You cannot use your on-premises LDAP directory server.
If you have any questions, contact your RSA Sales representative, or call 800-995-5095 or 1-781-515-7700 and option 1.
If you have not yet signed up for the trial, go to RSA SecurID Access Cloud Only Trial, and complete the form. After you confirm your email address, RSA will send you the URLs and sign-in credentials for your demo user accounts.
If you already signed up, you're ready to start! Go to step 2.
Step 2: Register Your Device
Have your mobile device handy. In this step, you register your mobile device with RSA SecurID Access, so that you can use mobile authentication options such as push notifications (Approve).
Using the URL for the application portal provided in your email from RSA, sign in using your credentials.
You are prompted to share your location. You can allow or block it.
In the application portal, you see icons for App A, App B, the hosted LDAP directory server, RSA SecurID Access My Page, the tutorial, and video.
Click My Page and sign in with your credentials.
Follow the prompts to download the RSA SecurID Authenticate app onto your device, and register it using either a QR code or numeric registration code.
That's all there is to device registration. Now let's use the app to try a simple Approve authentication.
Step 3: Do a Test Authentication
- Sign out of the application portal and sign in again.
- Click App B. You are prompted to Approve.
- You are prompted to allow the service to remember your browser, which can simplify future authentications. You can allow or block it.
Let's explore how you can use policies to control which users can access your applications and how users will authenticate. We'll examine the policy assigned to App B, which you just authenticated to.
Using the URL for the Cloud Administration Console provided in your email from RSA, sign in using your credentials.
You see the main dashboard page.
- Click Applications > My Applications to see the list of demo applications.
- For App B, click Edit. When the application opens, click the User Access tab. This is where you associate a policy with an application. Notice that the policy assigned to this application is named Allow All Authenticated Users - Low Assurance.
- Now click Access > Policies to see a list of all of the policies currently configured. Scroll down to Custom Policies and find Allow All Authenticated Users - Low Assurance. This policy governs access to App B, which you just viewed. Click Edit to open the policy.
Click the Rule Sets tab. This page provides important configuration settings you need to know about and will want to experiment with later. (Don't change any settings now, though.)
The Target Population field tells you who this policy applies to. In this case, it's for all users. Later, you will be able to use this setting to target selected groups of users based on LDAP attributes such as network, job title, and department.
The Access and Additional Authentication fields tell you that users who authenticate are allowed to access applications with no conditional limitations.
The Assurance Level is the list of authentication options available for this target population.
It's easy to modify Assurance Levels so they meet your particular needs. Let's take a quick look. Click Access > Assurance Levels.
You can see that assurance levels are categorized as High, Medium, and Low. Each level contains different options with varying security strengths. You can modify each level by adding or removing options. Assurance levels help ensure that your most sensitive digital assets are protected by the strongest authentication that is appropriate for your users, while less important assets remain easier for users to access.
Notice that the High level combines multiple options for added security, while the Low level includes options that are relatively simple and convenient for users.
Leave this browser tab open.
Now let's make a few changes to an existing access policy.
- In the Cloud Administration Console, click Access > Policies.
- Scroll down to Allow All Authenticated Users - Low Assurance, and click Edit.
- Change the name to Managers or Non-Managers, and click Next Step > Next Step.
Add a rule set to require non-managers to authenticate with Medium Assurance or higher:
Under Target Population, do the following:
- Scroll up to the Rule Set Name field, and enter Non-Managers.
Under Access Details, select Medium from the Assurance Level drop-down list.
The default Medium assurance level requires users to authenticate with either a Device Biometric, such as Fingerprint or Face ID, or the Authenticate Tokencode, an eight-digit number that displays on the home screen of the Authenticate app. Users can also select from options in the High assurance level.
Add a rule set to not require additional authentication for managers:
- Scroll to the top of the page, and click Add a Rule Set.
- In the Rule Set Name field, enter Managers.
Under Target Population, do the following:
- Click Selected Users > Add.
From the User Attribute drop-down list, select title.
From the Operation drop-down list, select Set contains any.
In the Value field, enter manager.
- Click Save.
- Under Access Details, select Allowed > Not Required.
- Click Save and Finish.
- Click Publish Changes.
Let's test our new policy requirements with two demo users, Sanjay Sample (not a manager) and Emilio Example (a manager). Refer to your email for their credentials.
On two other iOS, Android, or Windows 10 devices, register devices for Sanjay and Emilio. Follow the instructions in RSA SecurID Access Cloud Only Trial Tutorial.
Do not use the device that you used for yourself in Step 4 because a device can only be registered to one user, unless it is a Windows 10 PC.
If you want Sanjay to use Device Biometrics later to access App B, be sure that biometrics (for example, Fingerprint or Face ID) are set up on Sanjay's device.
Sign out of the application portal.
Sign into the application portal as Sanjay. Open App A.
Sanjay gets in because App A does not require additional authentication beyond the credentials used to sign into the portal.
Open App B and authenticate.
Because Sanjay is not a manager, he is prompted to complete additional authentication. Notice that the Medium (and High) assurance level options are available.
- Sign out of the application portal.
Sign into the application portal with Emilio's credentials. Open App A.
Like Sanjay, Emilio gets in because App A does not require additional authentication beyond the credentials used to sign into the portal.
Open App B.
Emilio gets in because App B does not require additional authentication for managers.
Sign out of the application portal.
- (Optional) Test with the other demo users.
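Before publishing a rule set keyed on a directory attribute, it helps to list which entries would land in the Managers rule set and therefore skip additional authentication for App B. The sketch below is an added example, not RSA code and not part of the original tutorial. The directory entries, uid values and title values are constructed, and both the case-insensitive exact-match reading of Set contains any and the choice to check the Managers rule set first are assumptions.

```python
"""Model of the two rule sets configured above (added example, not RSA code)."""

# Medium assurance options as described on this page. Users can also pick
# options from the High level, which the page does not enumerate.
MEDIUM_OPTIONS = ["Device Biometric", "Authenticate Tokencode"]

# Constructed sample entries; attribute values are multi-valued lists, as in LDAP.
DIRECTORY = [
    {"uid": "ssample", "cn": "Sanjay Sample", "title": ["Engineer"]},
    {"uid": "eexample", "cn": "Emilio Example", "title": ["Manager"]},
    {"uid": "jdoe", "cn": "Jo Doe", "title": ["Analyst", "manager"]},
    {"uid": "notitle", "cn": "No Title"},  # attribute absent
]


def set_contains_any(values, wanted):
    """Assumed semantics: true if any attribute value equals any wanted
    value, ignoring case and surrounding whitespace."""
    have = {v.strip().lower() for v in values}
    return any(w.strip().lower() in have for w in wanted)


def decide(user):
    """Return (rule set name, additional authentication) for App B.

    Assumption: the Managers rule set is checked first and every other
    user falls through to Non-Managers.
    """
    if set_contains_any(user.get("title", []), ["manager"]):
        return ("Managers", "Not Required")
    return ("Non-Managers", "Medium")


def exempt_users(directory):
    """uids that would reach App B with no additional authentication."""
    return sorted(u["uid"] for u in directory
                  if decide(u)[1] == "Not Required")


if __name__ == "__main__":
    for entry in DIRECTORY:
        rule_set, extra = decide(entry)
        options = MEDIUM_OPTIONS if extra == "Medium" else []
        print(f"{entry['cn']:<15} {rule_set:<13} {extra:<13} {options}")
    print("Exempt from additional authentication:", exempt_users(DIRECTORY))
```

Anyone who can edit the title attribute in the identity source can move an account into the exempt list, so review this output whenever directory write access changes.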
You've now done a few test authentications with demo users and apps. Next let's add your own users in the hosted identity source and one of your own SAML applications to protect.
Test with Your Own Users
Add your users in the hosted identity source:
- Sign into the application portal with your credentials.
- Open LDAP Admin.
- In the left frame, expand dc=sidx,dc=net.
- Click on the plus sign to expand ou=People, and click Create new entry here.
Click Generic: inetOrgPerson entry and enter the details of one of your users.
Be sure to enter the mobile number of the device that will be used for device registration. Also, you can specify the title manager, if you want.
- Click Create Object.
- To add an additional attribute for the user, click Add new attribute, select the attribute from the drop-down list, and enter the value.
- Click Commit.
- Add additional users, as desired.
Synchronize the hosted identity source and the Cloud Authentication Service with the latest changes:
- In the Cloud Administration Console, click Users > Identity Sources.
From the identity source Edit drop-down list, select Synchronization.
Click Synchronize Now.
The users are now in the Cloud Authentication Service.
- Instruct your users to complete RSA SecurID Access Cloud Only Trial Tutorial on their own devices.
Ask your non-manager users to open App B.
They are prompted for authentication options in the Medium and High assurance levels.
Protect Your Own SAML Application
On RSA Ready in the RSA SecurID Access category, find a SAML application that you use.
Note: The Cloud Only Trial is limited to SAML applications.
Follow the instructions in the guide.
When you add the application in the Cloud Administration Console, you can either use an existing policy or create a new one.
- In the application portal, click the new application and authenticate to it.
Now that you have successfully completed the Cloud Only Trial basics, where do you want to go from here? There are a number of options, depending on what you want to do.
- Continue to add your own users, policies, and applications in this environment. Remember that this environment will be deleted after 14 days.
- For more information, contact your RSA sales representative, or call 800-995-5095 or 1-781-515-7700 and option 1.
- Sign up for the RSA SecurID Access Cloud and On-Premises Trial, where you can install the product in your own environment and connect to any application (for example, RADIUS) with ten users.
|I’ve requested my free trial. Where do I get my sign-in credentials?||You will receive an email from RSA SecurID Access Cloud Only Trial with the information you need to sign into the Cloud Administration Console and the RSA SecurID Access Application Portal.|
|I signed up for the trial and received a message that no environments are available.||Contact your RSA Sales representative, or call 800-995-5095 or 1-781-515-7700 and option 1.|
|I forgot my credentials to sign into the Cloud Administration Console.||Call 1-800-995-5095 or 1-781-515-7700 and option 1 to have your account reset.|
|I forgot the credentials for a user.|| |
|I am not sure how to register a device or download the RSA SecurID Authenticate app.||Follow the instructions in My Page to download the app and register a device. See RSA SecurID Access Cloud Only Trial Tutorial.|
|A user lost or broke a registered device and needs to complete device registration again.||In the Cloud Administration Console, delete the user's device. For instructions, see Manage Users for the Cloud Authentication Service.|
|I want to run a report to see which users have a registered device.||In the Cloud Administration Console, generate the All Synchronized Users report. For instructions, see Run User Reports.|
|How many users can I test with?||In addition to the demo users, you can add 6 of your own users.|
|How do I add additional administrators?|
|How long is my trial good for?||This trial is valid for 14 days after registration. You will receive an email before your trial expires with options if you want to extend it. If you want to keep using the trial, you must register again. You also must remove the previous account from your RSA SecurID Authenticate app with a simple swipe to delete and then re-register your device just as you did previously.|
|What LDAP user attributes are synchronized to the Cloud Authentication Service?||You can see these attributes in the Cloud Administration Console.|