RSA Self-Service Overview RSA Self-Service Overview

RSA Self-Service automates the authenticator deployment process and provides a Self-Service Console. The Self-Service Console is a web-based interface that you configure to provide a variety of services to Authentication Manager users.

RSA Self-Service includes the following components:

Self-Service. A configurable console where users can manage many day-to-day tasks related to authentication, token, and user accounts without calling the Help Desk. Self-Service can reduce the call volume to your Help Desk and aid in providing 24-hour support for your users.

Provisioning. A web-based workflow system for the rapid deployment and lifecycle management of SecurID authenticators. Users can perform many of the steps in the authenticator deployment process, and the system automates the workflow. Provisioning can reduce administrative overhead associated with deploying authenticators, especially in large-scale deployments.

RSA recommends installing the Self-Service Console on a secure server on a web tier in the DMZ. This installation offers the convenience of Self-Service to remote users, while protecting your internal resources. Self-Service configuration menus are integrated into the RSA Security Console. You can customize the Self-Service Console, for example to display your logo, and the Self-Service features that it displays.

The tasks that users can perform from the Self-Service Console depend on the options that you enable and whether the user’s data is stored in an internal or external identity source.

By default the Self-Service Console allows users to make requests to be added to the system after answering a set of security questions. Additionally, you can configure Authentication Manager to allow users to perform the following tasks on the Self-Service Console:

• Request an SecurID token

• Manage their SecurID PIN

• Configure security questions for identity confirmation

• Update their profile information, for example, a mobile phone number or e-mail address

• Change their Self-Service Console passwords

• Clear the risk-based authentication (RBA) device history to unregister devices

• Change e-mail address or phone number for on-demand authentication (ODA)

• Manage their ODA PIN

• View user group membership

Note: Users can only modify data that is stored in the internal database. Users cannot use the Self-Service Console to modify data that is stored in an LDAP directory, except when a password change is forced.