Authentication Agent Configuration - Cisco ISE RSA Ready SecurID Access Implementation Guide

Document created by RSA Information Design and Development on Dec 3, 2018
Version 1

This section contains instructions on how to integrate RSA SecurID Access with Cisco ISE as an authentication agent.

Architecture Diagram

RSA Authentication Manager

To configure your RSA Authentication Manager for use with an authentication agent, you must create an agent host record in the Security console of your Authentication Manager and download its configuration file (sdconf.rec).

Agent host record configuration differs slightly depending on whether you are using a UDP-based agent (using the 8.1.x or earlier RSA Agent API) or a TCP-based agent (using the 8.5 or newer RSA Agent API).

If UDP-based agent:

  • Hostname: Configure the agent host record name to match the hostname of the agent.
  • IP Address: Configure the agent host record to match the IP address of the agent.

Note: Authentication Manager must be able to resolve the IP address from the hostname.

If TCP-based agent:

  • Hostname: Configure the agent host record name to match the agent name as specified in the agent's configuration. It does not have to match the hostname of the authentication agent.
  • IP Address: Leave blank. Any input to this field will be disregarded.
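
The following pre-flight check for a planned agent host record is an added example, not part of the RSA or Cisco documentation. The record field names, the sample hostname and the addresses are constructed assumptions. The default resolver is the local one, so the result matches what Authentication Manager sees only when both use the same DNS.

```python
import socket
from dataclasses import dataclass
from typing import Callable, List, Optional

@dataclass
class AgentHostRecord:
    """Planned agent host record (field names are assumptions of this example)."""
    transport: str                    # "udp" (Agent API 8.1.x or earlier) or "tcp" (8.5 or newer)
    hostname: str                     # value for the record's Hostname field
    ip_address: str = ""              # value for the record's IP Address field
    agent_name: Optional[str] = None  # TCP only: name set in the agent's own configuration

def system_resolver(hostname: str) -> List[str]:
    """Return the IPv4 addresses the local resolver gives for hostname."""
    try:
        return socket.gethostbyname_ex(hostname)[2]
    except OSError:
        return []

def check_record(rec: AgentHostRecord,
                 resolve: Callable[[str], List[str]] = system_resolver) -> List[str]:
    """Return a list of problems; an empty list means the record follows the rules above."""
    problems = []
    if rec.transport == "udp":
        if not rec.ip_address:
            problems.append("UDP agent: IP Address must match the agent's IP address")
        addrs = resolve(rec.hostname)
        if not addrs:
            problems.append(f"UDP agent: {rec.hostname} does not resolve")
        elif rec.ip_address and rec.ip_address not in addrs:
            problems.append(f"UDP agent: {rec.hostname} resolves to {addrs}, not {rec.ip_address}")
    elif rec.transport == "tcp":
        if rec.agent_name is not None and rec.hostname != rec.agent_name:
            problems.append("TCP agent: Hostname must equal the agent name in the agent's configuration")
        if rec.ip_address:
            problems.append("TCP agent: IP Address is disregarded; leave it blank")
    else:
        problems.append(f"unknown transport {rec.transport!r}")
    return problems

if __name__ == "__main__":
    # Constructed sample values (documentation address range), resolved from a fixed table.
    table = {"ise01.example.test": ["192.0.2.10"]}
    rec = AgentHostRecord("udp", "ise01.example.test", "192.0.2.11")
    for line in check_record(rec, lambda h: table.get(h, [])):
        print(line)
```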

 

Cisco ISE

Follow the steps in this section to integrate Cisco ISE with RSA SecurID Access as an authentication agent.

Procedure

1. Log in to the Cisco ISE Administrative Console, browse to Administration > Identity Management > External Identity Sources > RSA SecurID, and click Add.

2. Click to Import new ‘sdconf.rec’ file, mark the checkbox to Reauthenticate on Change PIN, and click Submit.

If you are integrating your RSA SecurID External Identity Source with the Guest Access Portal, you will need to add it to an Identity Source Sequence.

3. Browse to Administration > Identity Management > Identity Source Sequences and click to Add or Edit an Identity Source Sequence.

4. Add your RSA SecurID External Identity Source to the Selected window in the Authentication Search List section and click Save.

 

SecurID Agent Integration Details

                             
RSA Authentication Agent API:            8.1.3 for C
RSA SecurID Authentication API (REST):   n/a
RSA SecurID User Specification:          All Users
Display RSA Server Info:                 No
Perform Test Authentication:             No
Agent Tracing:                           No

Agent Files                  Location
sdconf.rec                   In Memory
sdopts.rec                   In Memory
Node secret                  In Memory
sdstatus.12 / jastatus.12    In Memory
rsa_api.properties           n/a

 

This section is provided to show an administrator how to load, remove, or update the sdopts.rec, sdstatus.12 and Node Secret file if it was not previously documented under the Partner Authentication Agent Configuration section. It is also provided to list any technologies or terms specific to the Partner product that may not be viewed as common knowledge. If a testing utility has been added to the product so that you can test RSA SecurID authentications from the product then add a note on how to get to and use the utility.

Node Secret: (C and Java Agents only)

To reset the node secret:

1. Browse to Administration > Identity Management > External Identity Sources > RSA SecurID.

2. Edit the RSA SecurID Identity Source, and open the RSA Instance Files tab.

3. Set the Reset securid File drop-down menu to Remove on Submit, and click Save.

4. Click Save to save your changes.

sdconf.rec: (C and Java Agents only)

To add or update the sdconf.rec file:

1. Browse to Administration > Identity Management > External Identity Sources > RSA SecurID.

2. Browse to the sdconf.rec file and click Save.

3. Reboot the ISE appliance.

sdopts.rec: (C and Java Agents only)

To add or update the sdopts.rec file:

1. Browse to Administration > Identity Management > External Identity Sources > RSA SecurID.

2. Edit the RSA SecurID Identity Source, and open the RSA Instance Files tab.

3. Click the Update Options file link.

4. Browse to the sdopts.rec file and click OK.

5. Click Save to save your changes.

6. Reboot the ISE appliance.

sdstatus.12: (C and Java Agents only)

To reset the sdstatus.12 file:

1. Browse to Administration > Identity Management > External Identity Sources > RSA SecurID.

2. Edit the RSA SecurID Identity Source, and open the RSA Instance Files tab.

3. Set the Reset sdstatus.12 File drop-down menu to Remove on Submit, and click Save.

4. Click Save to save your changes.

 

Next Step: Proceed to the Use Case Configuration Summary section for information on how to apply the Authentication Agent configuration to your use case.

 
