Is it possible to have dual authentication on RSA Archer? LDAP and RSA Archer Local Authentication
I have the following scenario: The customer has RSA Archer integrated with LDAP (AD) and needs to submit vendor risk assessment questionnaires, but these vendors do not have logins in their AD user base. These vendor must be registered as users directly at the RSA Archer base to access the platform. However with integration it is not possible to login through RSA Archer directly. Does anyone have a solution to this problem?
Denis, in the Archer Control Panel, if you have the Allow manual bypass setting enabled under the Single Sign-On tab for the instance along with setting the default instance under the General tab, Default Instance section on the Installation Settings tab you can use the following url https://url/default.aspx?manuallogin=true to manually login to Archer.
Unfortunately it did not work. The LDAP login screen still appears even though the Allow manual bypass setting is enabled. Is it the case to open a ticket in RSA support?
It's not a flaw Denis. I overlooked the SSO aspects when it comes logging into Archer. SSO authentication happens before Archer authentication.
Being the vendors aren't in your LDAP they will get the prompt you're seeing. There's noting in Archer that can bypass SSO.
We have SSO setup and use manual bypass for test accounts.
How are vendors accessing it? Have you tested the manual bypass link yourself just to ensure the Archer screen comes up? My first instinct is a proxy/firewall issue.
Though you'd still authenticating with your LDAP account first before hitting the manual bypass URL. His issue is that the vendors don't have an LDAP to authenticate to first via SSO before hitting the manual bypass URL.
My organization has a similar situation and we cannot provide AD accounts for the vendors to bypass SSO. Would it be possible to have both SSO as well as manual authentication for the same instance of Archer?