RADIUS with AM Configuration - Cisco ISE RSA Ready SecurID Access Implementation Guide

Document created by RSA Information Design and Development on Dec 3, 2018Last modified by RSA Information Design and Development on Jan 2, 2019
Version 2Show Document
  • View in full screen mode

This section contains instructions on how to integrate Cisco ISE with RSA Authentication Manager using RADIUS.

Architecture Diagram

RSA Authentication Manager

To configure your RSA Authentication Manager for use with a RADIUS Agent, you must configure a RADIUS client and a corresponding agent host record in the Authentication Manager Security Console.

The relationship of agent host record to RADIUS client in the Authentication Manager can 1 to 1, 1 to many or 1 to all (global).

RSA Authentication Manager listens on ports UDP 1645 and UDP 1812.


Cisco ISE

Follow the steps in this section to integrate Cisco ISE with RSA SecurID Access as a RADIUS client.


1. Login to Cisco ISE Administrative Console and browse to Administration > Identity Management > External Identity Sources > RADIUS Token and click Add.

2. In the General tab, enter a Name and then open the Connection tab.

3. Configure the Server Connection settings and click Save.

Enable Secondary Server: Mark the checkbox to use a failover RSA SecurID Access RADIUS server.

Host IP: Specify the IP address of the RSA SecurID Access RADIUS server.

Authentication Port: Use the default port 1812.

Server Timeout: Set to 5 seconds.

If integrating your RADIUS External Identity Source with Guest Access Portal you will need to add it to an Identity Source Sequence.

4. Browse to Administration > Identity Management > Identity Source Sequences and click to Add or Edit an Identity Source Sequence.

5. Add your RADIUS External Identity Source to the Selected window in the Authentication Search List section and click Save.


Next Step: Proceed to the Use Case Configuration Summary section for information on how to apply the RADIUS configuration to your use case.