Radiant Logic RadiantOne Cloud Federation Service - Authentication API Configuration - SecurID Access Implementation Guide
2 years ago
Originally Published: 2022-05-23

This section describes how to integrate SecurID Access with Radiant Logic RadiantOne Cloud Federation Service using the Authentication API.

Architecture Diagram

jaink9_0-1653306236998.png

Login / Password

Login into CFS with your Tenant Administrator account and navigate to Authentication | Login / Password.

 

Configuration

  • Enable the Login / Password authentication on CFS Master and / or CFS Proxy.

  • Enter the name of the attribute that will be used to identify the user in the identity store to validate the credentials.

  • Enter the message you want your users see to know what identifier to use when login in (e.g. Username or Email Address).

  • Every authentication method is associated with a Level of Assurance (LOA) This level can be used to enforce access permissions for applications. To indicate the LOA a person will be associated with when they login with a login / password, select the appropriate value from the "Level of Assurance" drop-down list.

jaink9_1-1653306570231.png

This is the login page when you enable Login / Password authentication.

jaink9_2-1653306596191.png

 

RSA SecurID

You can configure RSA SecurID to be embedded into the Login / Password form.

  • Enable the feature.

  • Enter the URL of the RSA server, including the port your Authentication API listens on. Please refer to the RSA documentation to ensure you have the authentication API configured properly.

  • Enter the Access Key for the Authentication API.

  • Enter the authenticaton agent name that is used with the Authentication API. Please refer to the RSA documentation linked above for how to configure the agent.

  • Enter the FID attribute that correponds to your users' User ID in RSA.

  • Enter a text to help your users provide the correct information in the form.

  • Every authentication method is associated with a Level of Assurance (LOA). This level can be used to enforce access permissions for applications. To indicate the LOA a person will be associated with when they login with a login / password, select the appropriate value from the "Level of Assurance" drop-down list.

jaink9_3-1653306627239.png

This is the login page when you enable RSA SecurID in the Login / Password form.

jaink9_4-1653306754973.png

 

Two-Step Verification

RadiantOne CFS has it's own two-step verification system.

 

  • You can force the two-step verification for every single user trying to login with Login / Password authentication.

  • Allow the users to Identity verification with a smartphone application to use the two-step verification.

  • Every authentication method is associated with a Level of Assurance (LOA). This level can be used to enforce access permissions for applications. To indicate the LOA a person will be associated with when they login with a login / password, select the appropriate value from the "Level of Assurance" drop-down list.

 

Note: This feature cannot be combine with RSA SecurID.

jaink9_5-1653306780950.png

When the user login using a login / password, he will be asked to provide a temporary password.

 

  • If he is using a smartphone application, he can choose "I have a code" and enter the one provided by the application. See how to enable two-step verification for the user.

  • He can request an email containing the temporary code.

  • If the external service Twilio is configured, he can request a text message or a phone call.

jaink9_6-1653306802528.png

 

Return to the main page for more certification related information.

Related Articles

Trending Articles

Don't see what you're looking for?