Table of Contents

•   Getting Started
  •   How RSA Authentication Manager Protects Your Resources
  •   Getting Started with RSA Authentication Manager
  •   RSA SecurID Authentication Process
  •   About the Security Console
  •   About the Operations Console
  •   Log On to the Security Console
  •   Log On to the Operations Console
  •   Search Fields That Are Not Case Sensitive
  •   Security Console Menus
  •   Help Desk Administrator Reference
•   Administrative Accounts
  •   System Administrator Accounts
  •   Add a Super Admin
  •   Operations Console Administrators
  •   Add an Operations Console Administrator
  •   View Operations Console Administrators
  •   Change an Operations Console Administrator's Password
  •   Delete an Operations Console Administrator
•   General Configuration
  •   System Settings
  •   Configure Session Handling
  •   Configure the Cache
  •   Configure Security Console Authentication Methods
  •   Set Console Display Options
  •   Set Personal Preferences
  •   Add Alternative IP Addresses for Instances
  •   Hide Menu Items from Administrators
  •   Allow the Use of Nonstandard Email Domains
  •   Update the Web Tier to Allow the Use of Nonstandard Email Domains
•   Authentication Agents
  •   RSA Authentication Agents
  •   Deploying an Authentication Agent that Uses the UDP Protocol
  •   Add an Authentication Agent
  •   Configure Agent Settings
  •   Generate the Authentication Manager Configuration File
  •   Download an RSA Authentication Manager Server Certificate
  •   Automatic Agent Registration
  •   Change the Auto-Registration Queue Size
  •   Search for Authentication Agents in Your Deployment
  •   Edit an Authentication Agent
  •   Generate an Integration Script for a Web-Based Application
  •   Configure Access Restrictions for an Existing Agent
  •   Controlling User Access With Authentication Agents
  •   Configuring a Restricted Agent to Control User Access
  •   Restricted Access Times for User Groups
  •   Access to Restricted Agents by Active Directory Groups
  •   Prevent Users from Authenticating on an Agent
  •   Allow a User Group to Authenticate on an Agent
  •   List Restricted Agents Accessible to a User Group
  •   Allow Users to Authenticate on an Agent
  •   View User Groups Allowed to Authenticate on a Restricted Agent
  •   View Enabled User Groups on an Unrestricted Agent
  •   Contact Lists for Authentication Requests
  •   Manage the Node Secret
  •   Refresh the Node Secret
  •   IPv4/IPv6 Authentication Agents
  •   Configure an IPv4/IPv6 Agent
  •   Resolving Common IPv4/ IPv6 Issues
•   RSA SecurID Authentication API for Authentication Agents
  •   Configure the RSA SecurID Authentication API for Authentication Agents
  •   Deploying an Authentication Agent that Uses the REST Protocol
  •   Generate an HMAC for Authentication Agents
•   Identity Sources
  •   RSA Authentication Manager Identity Sources
  •   Identity Source Properties
  •   Active Directory Global Catalog Identity Sources
  •   Active Directory Identity Sources that are not Global Catalogs
  •   OpenLDAP Attribute Requirements
  •   Add an Identity Source
  •   View the Identity Sources in Your Deployment
  •   Edit an Identity Source
  •   Edit the Internal Database
  •   Link an Identity Source to the System
  •   Verify the LDAP Directory Identity Source
  •   View Identity Sources Linked to the System
  •   Test Connection to an Identity Source from a Replica
  •   Unlink Identity Sources from the System
  •   Remove an Identity Source
  •   Updating Identity Source Properties
  •   Default Security Domain Mappings
  •   Add Default Security Domain Mappings
  •   Delete Default Security Domain Mappings
  •   Edit Default Security Domain Mappings
  •   Test Default Security Domain Mappings
  •   View Default Security Domain Mappings
  •   How a User Becomes Unresolvable
  •   How a User Group Becomes Unresolvable
  •   Scheduling Cleanup for Unresolvable Users and User Groups
  •   Schedule a Cleanup Job
  •   Manual Cleanup for Unresolvable Users
  •   Clean Up Unresolvable Users Manually
  •   Moving Users in an LDAP Directory
  •   Modifying a User in an LDAP Directory
  •   Modifying Group Membership in an LDAP Directory
•   Security Domains
  •   Security Domains
  •   Add a Security Domain
  •   Edit a Security Domain
  •   View Security Domain Details
  •   Duplicate a Security Domain
  •   Delete a Security Domain
  •   View the Policies Assigned to a User's Security Domain
•   Administrative Roles
  •   Administrative Role Overview
  •   Administrative Role Scope and Permissions
  •   Administrative Role Settings
  •   Adding Administrators
  •   Add an Administrative Role
  •   Assign an Administrative Role
  •   Unassign an Administrative Role
  •   Edit an Administrative Role
  •   Delete an Administrative Role
  •   View Administrative Roles
  •   Duplicate an Administrative Role
  •   View All Administrators Associated with an Administrative Role
  •   View All Administrative Roles Assigned to an Administrator
  •   Edit Permissions for an Administrative Role
  •   View Available Permissions of an Administrator
  •   Change the Scope of an Administrative Role
  •   Administrative Roles in Provisioning
  •   Customize Administrative Roles for Provisioning
  •   View Your Administrative Permissions
•   Users
  •   RSA Authentication Manager Users
  •   Add a User to the Internal Database
  •   Add a User with Options to the Internal Database
  •   Search for Users
  •   Use Advanced User Search
  •   Edit a User
  •   Change a User's Password
  •   Enable a User Account
  •   Disable a User Account
  •   Selecting an Authentication Method
  •   Move Users Between Security Domains
  •   Duplicate User IDs
  •   User PINs
  •   Allow All Users to Authenticate Without an RSA SecurID PIN
  •   Allow a User to Authenticate Without an RSA SecurID PIN
  •   Assign a User an Alias
  •   Enable Users to Update Phone Numbers and E-mail Addresses
  •   Clear an RSA SecurID PIN
  •   Clear the Cached Copy of a User's Windows Password
  •   Delete a User
  •   Enable Users to Reset Passwords After User and Token Export
  •   Duplicate a User
  •   Manage User Authentication Settings
  •   Locked User Accounts
  •   View Locked Users
  •   Unlock a User
  •   Require Password Change at Next Logon
  •   RSA SecurID PINs
  •   Require Users to Change Their RSA SecurID PINs
  •   Import PIN Unlocking Keys
•   User Groups
  •   RSA Authentication Manager User Groups
  •   Internal User Groups
  •   Add a User Group
  •   Search for User Groups
  •   Add a User to a User Group
  •   Edit User Groups
  •   Add Member User Groups to Other User Groups
  •   Delete User Groups
  •   Remove Users from User Groups
  •   Duplicate User Groups
  •   Maintain Authentication Agent Associations in a Duplicated User Group
  •   Move User Groups Between Security Domains
  •   Remove Member User Groups from User Groups
  •   Set Restricted Access Times for User Groups
  •   View User Group Members
  •   View User Group Memberships for a User
•   User Dashboard
  •   User Dashboard
  •   View the User Dashboard
  •   Add a User to a User Group in the User Dashboard
  •   Use Quick Search to View the User Dashboard for a User
  •   Assign and Distribute a Software Token to a User Using File-Based Distribution in the User Dashboard
  •   Assign a Hardware Token to a User in the User Dashboard
  •   Disable On-Demand Authentication for a User in the User Dashboard
  •   Assign a User Alias in the User Dashboard
  •   Require a User to Change a Password using the User Dashboard
  •   View Accessible Agents in the User Dashboard
  •   View Recent Authentication Activity in the User Dashboard
  •   Clear an RSA SecurID PIN in the User Dashboard
  •   Enable Users to Set Initial On-Demand Authentication PINs in the User Dashboard
  •   Disable a Token in the User Dashboard
  •   Disable a User Account in the User Dashboard
  •   Edit a User in the User Dashboard
  •   Enable a Token in the User Dashboard
  •   Enable a User Account in the User Dashboard
  •   Manage User Authentication Settings in the User Dashboard
  •   Provide an Offline Emergency Passcode in the User Dashboard
  •   Resynchronize a Token in the User Dashboard
  •   Replace a Token for a User in the User Dashboard
  •   Unlock a User in the User Dashboard
  •   Clear a User's On-Demand Authentication PIN in the User Dashboard
  •   Unassign a Token from a User in the User Dashboard
  •   Assign and Distribute a Software Token to a User Using Dynamic Seed Provisioning in the User Dashboard
  •   Clear a Cached Copy of Windows Credentials in the User Dashboard
  •   Change a User's Password in the User Dashboard
  •   Clear Security Question Answers in the User Dashboard
  •   View User Group Memberships for a User in the User Dashboard
•   Policies
  •   RSA Authentication Manager Policies
  •   Choose Policies for a Security Domain
  •   Token Policy
  •   Add a Token Policy
  •   Edit a Token Policy
  •   Delete a Token Policy
  •   Duplicate a Token Policy
  •   Rename a Token Policy
  •   View a Token Policy
  •   Change the Default Token Policy
  •   Assign a Token Policy to a Security Domain
  •   Replace Users' Windows Password with an RSA SecurID Passcode
  •   Edit Fixed Passcode Lifetime and Format Requirements
  •   Edit Emergency Access Code Format Requirements
  •   Configure Handling of Incorrect Passcodes
  •   Require a System-Generated PIN
  •   Lockout Policy
  •   Add a Lockout Policy
  •   View a Lockout Policy
  •   Delete a Lockout Policy
  •   Edit a Lockout Policy
  •   Duplicate a Lockout Policy
  •   Offline Authentication Policy
  •   Add an Offline Authentication Policy
  •   Edit an Offline Authentication Policy
  •   View an Offline Authentication Policy
  •   Delete an Offline Authentication Policy
  •   Change the Default Offline Authentication Policy
  •   Password Policy
  •   Add a Password Policy
  •   View a Password Policy
  •   Edit a Password Policy
  •   Delete a Password Policy
  •   Duplicate a Password Policy
  •   Self-Service Troubleshooting Policy
  •   Add a Self-Service Troubleshooting Policy
  •   Edit a Self-Service Troubleshooting Policy
  •   View a Self-Service Troubleshooting Policy
  •   Delete a Self-Service Troubleshooting Policy
  •   Duplicate a Self-Service Troubleshooting Policy
  •   Risk-Based Authentication Policies
  •   Add a Risk-Based Authentication Policy
  •   Edit a Risk-Based Authentication Policy
  •   Delete a Risk-Based Authentication Policy
  •   Duplicate a Risk-Based Authentication Policy
  •   View a Risk-Based Authentication Policy
  •   Choose the Default Risk-Based Authentication Policy for the Deployment
  •   Configure Automatic Enablement for a Risk-Based Authentication Policy
  •   Configure Silent Collection for a Risk-Based Authentication Policy
  •   Configure Device History Settings for a Risk-Based Authentication Policy
  •   Enable Identity Confirmation Methods for a Risk-Based Authentication Policy
  •   How a User Configures an Identity Confirmation Method
  •   Configure Device Registration for a Risk-Based Authentication Policy
  •   Set the Minimum Assurance Level for a Risk-Based Authentication Policy
  •   Risk-Based Authentication Message Policy
  •   Add a Risk-Based Authentication Message Policy
  •   Edit a Risk-Based Authentication Message Policy
  •   Delete a Risk-Based Authentication Message Policy
  •   Duplicate a Risk-Based Authentication Message Policy
  •   Change the Default Risk-Based Authentication Message Policy
  •   Assign a Risk-Based Authentication Message Policy to a Security Domain
  •   Workflow Policy
  •   Configure a Workflow Policy
  •   Edit Workflow Policies
  •   View Workflow Policies
  •   Change the Default Workflow Policy
  •   Assign a Workflow Policy to a Security Domain
  •   Duplicate Workflow Policies
  •   Delete Workflow Policies
  •   Change Workflow Definitions
•   Identity Attributes
  •   User Attributes
  •   User Authentication Attributes
  •   Add an Identity Attribute Definition
  •   Duplicate an Identity Attribute Definition
  •   Edit an Identity Attribute Definition
  •   Delete an Identity Attribute Definition
  •   Search for Identity Attribute Definitions
  •   Add Identity Attribute Categories
  •   Edit an Identity Attribute Category
  •   Delete an Identity Attribute Category
  •   Edit Identity Source Attribute Mappings
•   RSA SecurID Authenticate Tokencode Integration
  •   RSA SecurID Authenticate Tokencodes
  •   Configure RSA Authentication Manager to Handle Authenticate Tokencodes
  •   RSA SecurID Access Trusted Realm
    •   Add an RSA SecurID Access Deployment as a Trusted Realm
    •   Options for manage-securid-access-trusts
    •   Configure a Timeout Setting for Authentication Requests
    •   Repair an RSA SecurID Access Trusted Realm
•   RSA SecurID Authenticate Tokencode Integration Issues and Solutions
  •   Run a Command to Enable the RSA SecurID Authenticate app for Specific Users
  •   Options for manage-securid-authenticate-app-provisioning
•   RSA SecurID Tokens
  •   RSA SecurID Tokens
  •   RSA SecurID Hardware Tokens
  •   RSA SecurID Software Tokens
  •   Deploying RSA SecurID Tokens
  •   Configure Token Settings
  •   Software Token Profiles
  •   Add a Software Token Profile
  •   Delete a Software Token Profile
  •   Duplicate a Software Token Profile
  •   Edit a Software Token Profile
  •   View a Software Token Profile
  •   Assign a Software Token to a User
  •   Assign Software Tokens to Multiple Users
  •   Software Token Distribution
  •   Software Token Redistribution
  •   Distribute One Software Token Using Dynamic Seed Provisioning
  •   Distribute One Software Token Using File-Based Provisioning
  •   Distribute One Software Token Using CTF
  •   Distribute Multiple Software Tokens Using CT-KIP
  •   Distribute Multiple Software Tokens Using File-Based Provisioning
  •   Distribute Multiple Software Tokens Using CTF
  •   View Software Token Distribution Bulk Jobs
  •   Software Token Lifetime Extension
  •   Extend Software Token Lifetimes
  •   Configure Software Token Extension Parameters
  •   Assign a Hardware Token to a User
  •   Assign Hardware Tokens to Multiple Users
  •   Distribute a Hardware Token
  •   Search for a Token In Your Deployment
  •   Obtain the PIN Unlocking Key for an RSA SecurID 800 Authenticator
  •   View Import SecurID Token Jobs
  •   Move a Token Record to a New Security Domain
  •   View a Token
  •   Import a Token Record File
  •   Assign Tokens to Users
  •   Enabled and Disabled Tokens
  •   Enable a Token
  •   Disable a Token
  •   Assign a Replacement Token
  •   Replace a Token with the Next Available Token
  •   Edit a Token
  •   Replace a Token for a User
  •   Delete a Token
  •   Resynchronize a Token
  •   Unassign a Token from a User
  •   View All Tokens Assigned to a User
  •   View Token Statistics
  •   Restrict the Number of Active Tokens per User
  •   Token Attribute Definitions
  •   Add a Token Attribute Definition
  •   Edit a Token Attribute Definition
  •   Delete a Token Attribute Definition
  •   View a Token Attribute Definition
•   Password-Only Authentication
  •   Password-Only Authentication
•   On-Demand Authentication
  •   On-Demand Authentication
  •   On-Demand Tokencodes
  •   Configure On-Demand Tokencode Settings
  •   Change the Character Length for On-Demand Authentication Tokencodes
  •   Configure On-Demand Tokencode Delivery
  •   Disable On-Demand Authentication for a User
  •   Identity Attribute Definitions for On-Demand Tokencode Delivery by Text Message
  •   Configure the HTTP Plug-In for On-Demand Tokencode Delivery
  •   SMS HTTP Plug-In Configuration Parameters
  •   Change the SMS Service Provider
  •   Configure E-mail for On-Demand Tokencode Delivery
  •   Configure the SMTP Mail Service
  •   Identity Attribute Definitions for On-Demand Tokencode Delivery by E-Mail
  •   Configuring Users for On-Demand Authentication
  •   Enable On-Demand Authentication for a User
  •   PINs for On-Demand Authentication
  •   Set an Initial On-Demand Authentication PIN for a User
  •   Enable Users to Set Their Initial On-Demand Authentication PINs
  •   Clear a User's On-Demand Authentication PIN
  •   Set a Temporary On-Demand Tokencode PIN for a User
  •   On-Demand Authentication with an Authentication Agent or a RADIUS Client
  •   New PINs and On-Demand Tokencodes for Authentication Agents and RADIUS Clients
  •   Restrictions of On-Demand Tokencodes
  •   Import a Digital Certificate
  •   Delete a Digital Certificate
  •   Test Your SMS Provider Configuration
•   Emergency Access
  •   Emergency Online Authentication
  •   Assign a Temporary Fixed Tokencode
  •   Assign a Set of One-Time Tokencodes
  •   Emergency Offline Authentication
  •   Provide an Offline Emergency Access Tokencode
  •   Provide an Offline Emergency Passcode
  •   Configure the Maximum Lifetime for New Emergency Access Tokencodes
•   Self-Service
  •   Self-Service Settings
  •   RSA Self-Service Overview
  •   Self-Service Console User Experience
  •   Self-Service Console User Enrollment
  •   Identity Sources for Self-Service Users
  •   Configuring Self-Service
  •   Enable Enrollment by Selecting Identity Sources
  •   Select Security Domains for Self-Service
  •   Select User Groups for Self-Service
  •   User Profile Configuration for Self-Service
  •   Customize Self-Service User Profiles
  •   Set the Authentication Method for the Self-Service Console
  •   Security Questions for Self-Service
  •   Configure E-mail Notifications for Self-Service User Account Changes
  •   E-mail Template Example for the Self-Service Console
  •   Customize E-mail Notifications
  •   Resend E-mail to Users
  •   Conditional Statements in E-mail Notifications
  •   Customizing the Self-Service Console
  •   Enable or Disable Self-Service Features
  •   Show or Hide Self-Service Features
  •   Hide the Video Link in the Self-Service Console
  •   Customizing the Self-Service Console User Help
  •   Self-Service Troubleshooting
•   Licenses
  •   RSA Authentication Manager License Support
  •   Check License Status
  •   Install a License
  •   View Installed Licenses
  •   View Software Version Information
  •   Uninstall a License
  •   Activate a Business Continuity License
  •   Extend an Evaluation License
  •   Troubleshooting License Installation Issues
•   Password Dictionary
  •   Password Dictionary
  •   Add a Password Dictionary
  •   Export a Password Dictionary
  •   Delete a Password Dictionary
•   RADIUS
  •   RSA RADIUS Overview
  •   RSA RADIUS Authentication Process
  •   RADIUS Network Topology
  •   Communication Between RADIUS Servers and Clients
  •   RADIUS Settings
  •   Configure RADIUS Settings
  •   Specify RADIUS Attribute Format
  •   View RADIUS Servers
  •   RADIUS Data Replication
  •   Edit the RADIUS Server Agent
  •   RADIUS Server Statistics
  •   RADIUS Server Authentication Statistics
  •   RADIUS Server Log Files
  •   Standard RADIUS Accounting Attributes
  •   View RADIUS Server Statistics
  •   RADIUS Server Accounting Statistics
  •   RADIUS Clients
  •   Add a RADIUS Client
  •   Edit a RADIUS Client
  •   Delete a RADIUS Client
  •   View RADIUS Clients
  •   Add a RADIUS Client Agent
  •   View RADIUS Client Authentication and Accounting Statistics
  •   View or Edit a RADIUS Client Agent
  •   RADIUS Client Statistics
  •   RADIUS Profiles
  •   Add a RADIUS Profile
  •   Configuring RADIUS Profiles
  •   RADIUS Profile Associations
  •   Assign a User to a RADIUS Profile
  •   Delete a RADIUS Profile
  •   Edit a RADIUS Profile
  •   View RADIUS Profiles
  •   Unassign a User Alias from a RADIUS Profile
  •   Unassign a User from a RADIUS Profile
  •   Assign a User Alias to a RADIUS Profile
  •   Choose the Priority of Agent or User RADIUS Profiles
  •   Assign a Trusted User to a RADIUS Profile Using the Administration Menu
  •   View Trusted Users Associated with RADIUS Profiles
  •   View User Aliases Associated with a RADIUS Profile
  •   View an Agent Associated with a RADIUS Profile
  •   Unassign an Agent from a RADIUS Profile
  •   Assign an Agent to a RADIUS Profile
  •   Unassign a Trusted User from a RADIUS Profile
  •   Specify the Default RADIUS Profile
  •   View Users Associated with a RADIUS Profile
  •   RADIUS User Attributes
  •   Setting Up RADIUS User Attributes
  •   Add a Custom RADIUS User Attribute Definition
  •   Enable or Disable RADIUS User Attributes
  •   Edit a Custom RADIUS User Attribute Definition
  •   Assign RADIUS User Attributes to Users
  •   Map a RADIUS User Attribute Definition to an Identity Source Attribute
  •   Delete a Custom RADIUS User Attribute Definition
  •   Edit a Standard RADIUS User Attribute Definition
  •   View RADIUS User Attribute Definitions
  •   RADIUS Replication Status
  •   Verifying RSA RADIUS Replication
  •   Initiate Replication to RADIUS Replica Servers
  •   Enable Periodic RADIUS Replication
  •   Disable Periodic RADIUS Replication
  •   EAP-POTP Settings
  •   EAP-TTLS Configuration
  •   Configure EAP-POTP Settings
  •   Restart a RADIUS Server
  •   Edit RADIUS Server Files
  •   RSA RADIUS Server File Customization
  •   Add a RADIUS Dictionary
  •   Add a RADIUS Attribute Definition to a Dictionary
  •   Modify a RADIUS Attribute Definition in a Dictionary
  •   Configure RSA RADIUS to Use System-Generated PINs
•   Logging
  •   Log Messages
  •   Configure Logging
  •   Log Configuration Parameters
  •   Log Archives
  •   Archive Logs Using Schedule Log Archival
  •   Archive Logs Using Archive Now
  •   Cancel a Log Archive Job That is Currently Executing
  •   Cancel all Scheduled Occurrences of a Log Archive Job
  •   Mask Token Serial Numbers in Logs
  •   Configure Critical System Event Notification
  •   Critical System Event Types
  •   Configure the Remote Syslog Host for Real Time Log Monitoring
•   SNMP
  •   RSA Authentication Manager SNMP
  •   Configure SNMP
  •   Management Information Base Objects for SNMP GETS
    •   Management Information Base Objects for SNMP GETS
    •   MIB Objects for Agent Protocol Service
    •   MIB Objects for Agent Auto-Registration
    •   MIB Objects for Offline Authentication
    •   MIB Objects for the Adjudicator
    •   MIB Objects for the Database
    •   MIB Objects for RADIUS and EAP-32
    •   MIB Objects for Remote Realm Authentication
    •   MIB Objects for On-Demand Tokencodes
    •   MIB Objects for Deployment Information
    •   MIB Objects for Self-Service and Provisioning
•   MIB Objects for SNMP for the Hardware Appliance
•   MIB Objects for SNMP GETS for Unreleased Agents
•   Security Questions
  •   Managing Security Questions
  •   Set Requirements for Security Questions
  •   Custom Security Questions
  •   Modify the Security Questions File
  •   Import Security Questions
  •   Language Codes for Security Questions
  •   View All Security Questions for the Deployment
  •   Clear User Answers to Security Questions
•   Trusted Realms
  •   Trusted Realms
  •   Creating a Trust Relationship
  •   Add a Trusted Realm
  •   Edit a Trusted Realm
  •   Enable a Trusted Realm
  •   Disable a Trusted Realm
  •   Delete a Trusted Realm
  •   View Trusted Realms
  •   Test a Trusted Realm
  •   Enable Authentication Between Realms
  •   Configure an Agent for Trusted Realm Authentication
  •   Duplicate Agent Record for Access Control
  •   View Trusted Realm Settings
  •   Removing Trust Between Two Realms
  •   Repair a Trust Relationship with a Version 8.0 or Later Realm
•   Trusted Users
  •   Trusted Users and Trusted User Groups
  •   Add a Trusted User
  •   Allow Trusted Users to Authenticate Using RSA RADIUS
  •   Add Trusted Users to a Trusted User Group
  •   Assign a Trusted User to a RADIUS Profile Using the Administration Menu
  •   Specify Trusted User Name Identifier
  •   Edit a Trusted User
  •   Delete a Trusted User
  •   Edit Domain Name in a Fully Qualified Trusted User Name
•   Trusted User Groups
  •   Add a Trusted User Group
  •   View Trusted User Groups Allowed to Authenticate on Specific Agents
  •   Edit a Trusted User Group
  •   Set Restricted Access Times for Trusted User Groups
  •   Delete a Trusted User Group
  •   Grant a Trusted User Group Access to Agents
•   Batch Jobs
  •   Batch Jobs
  •   View Batch Jobs
  •   Cancel a Batch Job
  •   Delete a Batch Job
•   Risk-Based Authentication
  •   Risk-Based Authentication
  •   Methods for Enabling Users for Risk-Based Authentication
  •   Risk-Based Authentication Data Flow
  •   Deployment Considerations for Risk-Based Authentication
  •   Risk Engine Considerations for Risk-Based Authentication
  •   Minimum Assurance Level
  •   Silent Collection
  •   Implementing Risk-Based Authentication
  •   Backup Authentication Method for Risk-Based Authentication
  •   Install the RBA Integration Script Template
  •   Testing Your Risk-Based Authentication Integration
  •   Troubleshooting the Authentication Test
  •   Planning for Domain Name System Updates
  •   Enable Users Automatically for Risk-Based Authentication
  •   Enable Users Manually for Risk-Based Authentication
  •   View Risk-Based Authentication Settings for a User
  •   Device History for Risk-Based Authentication
  •   Disable a User for Risk-Based Authentication
  •   Delete the Device History for a User
  •   Search Users Based on Risk-Based Authentication Settings
  •   Configure Web-Based Application Logon Pages for Risk-Based Authentication
  •   Device Settings for Risk-Based Authentication
  •   Custom Solutions for Web-Based Applications for Risk-Based Authentication
•   Export and Import Tokens and Users Between Deployments
  •   Exporting and Importing Users and Tokens Between Deployments
  •   Download the Encryption Key
  •   Import Users with Tokens
  •   Import Tokens from Another Deployment
  •   Export Users with Tokens
  •   Export Tokens
  •   Delete Export and Import Tokens and Users Jobs
•   Reports
  •   Reports
  •   Reports Permitted for Each Administrative Role
  •   Sample Reports
  •   Add a Report
  •   Run a Report Job
  •   Scheduled Report Jobs
  •   Schedule a Recurring Report Job
  •   View a Report Template
  •   Edit a Report
  •   Edit a Scheduled Report Job
  •   Delete a Report
  •   Duplicate a Report
  •   Duplicate a Scheduled Report Job
  •   Delete a Scheduled Report Job
  •   View A Completed Report
  •   View An In Progress Report Job
  •   View a Scheduled Report Job
  •   Configure Report Notification
  •   List User Group Membership in Reports
  •   Configure RSA Authentication Manager Monitoring Intervals for Installed Agents
  •   Collecting Replicated Agent Authentication Records on the Primary Instance
  •   Generate a Report of the Current Configuration Settings
•   Provisioning
  •   Provisioning Overview
  •   Administrative Roles in Provisioning
  •   Scope for Request Approvers and Token Distributors
  •   Select Hardware Tokens for Provisioning
  •   Select Software Tokens for Provisioning
  •   Select On-Demand Authentication for Provisioning
  •   Privileges for Request Approvers and Token Distributors
  •   Workflow for Provisioning Requests
  •   Workflow Policy
  •   Configuring Provisioning
  •   Enable Provisioning
  •   Change the Default Workflow Policy
  •   Assign a Workflow Policy to a Security Domain
  •   Change Workflow Definitions
  •   Using E-mail Notifications for Provisioning Requests
  •   Managing Authenticators for Self-Service Users
  •   Configure Authenticators for Self-Service Users
  •   Configure Shipping Addresses for Hardware Authenticators
  •   Creating Multiple Requests and Archiving Requests
  •   User Groups and Token Bulk Requests Utility
  •   Import Bulk Requests for User Groups and Tokens
  •   Create Input Files for Bulk Requests
  •   CSV Format for Token Requests Input File
  •   CSV Format for User Group Membership Requests Input File
  •   Log Files for Bulk Requests
  •   PIN and Protection of Distribution Files for Software Tokens
  •   Archive Requests Utility
  •   Export and Import Closed Requests
  •   Self-Service Request Management
  •   Approve and Reject User Requests
  •   Search for User Requests
  •   View User Requests
  •   Complete User Requests
  •   Cancel User Requests
  •   Configure Emergency Access for Provisioning
•   Activity Monitor
  •   Real-time Monitoring Using Activity Monitors
  •   View Messages in the Activity Monitor
  •   Filter Activity Monitor Events Based on Administrator Scope of Authorization
•   User Sessions
  •   Close an Active User Session
  •   Session Lifetime Limits
  •   Types of Session Lifetime Limits
  •   Edit Session Lifetime Settings
•   Network Settings
  •   Verify an IP Address or Hostname
  •   Primary or Replica Instance Network Settings Updates
  •   Change the Primary Instance IPv4 Network Settings
  •   Change the Replica Instance IPv4 Network Settings
  •   Update the Primary Instance Hostname and IP Address on a Replica Instance
  •   Change the IP Address of a Primary or Replica Instance in AWS
  •   Change the Hostname of a Primary or Replica Instance in Azure
  •   Create IPv6 Network Settings on a Primary or Replica Instance
  •   Download Network Settings for a Primary or Replica Instance
  •   DNS Server Configuration on the Amazon Web Services Virtual Private Cloud
  •   DNS Server Configuration on the Azure Virtual Network
  •   Static Routes
  •   Add a Persistent IPv4 Static Route
  •   Add a Persistent IPv6 Static Route
  •   Add a Non-Persistent IPv4 Static Route
  •   Add a Non-Persistent IPv6 Static Route
  •   Delete a Persistent IPv4 or IPv6 Static Route
  •   Delete a Non-Persistent IPv4 or IPv6 Static Route
  •   Recovery from Incorrect Network Settings
  •   Recover from an Incorrect IP Address Change
  •   Recover from an Incorrect Subnet Mask
  •   Recover from an Incorrect Gateway
•   Appliance Maintenance
  •   Appliance Logs
  •   Configure Appliance Log Settings
  •   Log Rotation Policy for the Appliance Logs
  •   Reboot the Appliance
  •   View the Appliance Hosts File
  •   Edit the Appliance Hosts File
  •   Enable Secure Shell on the Appliance
  •   VMware DVD/CD or ISO Image Mounting Guidelines
  •   Hyper-V DVD/CD or ISO Image Mounting Guidelines
  •   Log On to the Appliance Operating System with SSH
•   Product Updates
  •   RSA Authentication Manager Updates
  •   Scan for Product Updates
  •   Apply Product Updates
  •   Specify a Product Update Location
  •   Roll Back a Product Update
•   Certificates
  •   Certificate Management for Secure Sockets Layer
  •   Console Certificate
  •   Import a Console Certificate
  •   Replacing the Console Certificate
  •   Delete a Console Certificate
  •   Replace an Expired Console Certificate
  •   Identity Source SSL Certificates
  •   Add an Identity Source SSL Certificate
  •   Edit an Identity Source SSL Certificate
  •   Delete an Identity Source SSL Certificate
  •   Activate a New SSL Console Certificate
  •   View an Identity Source SSL Certificate
  •   View a RADIUS Server Certificate
  •   Replace a RADIUS Server Certificate
  •   Import a Signed Virtual Host Certificate
  •   Activate a Virtual Host Certificate
  •   Delete a Virtual Host Certificate
  •   Generate a Certificate Signing Request Using the Operations Console
  •   Generate a Certificate Signing Request for the Web Tier
  •   Add a Trusted Root Certificate
  •   List Trusted Root Certificates
  •   Delete a Trusted Root Certificate
  •   RSA Virtual Host Certificate
  •   Certificate Authority Certificate Files
  •   Replacing the Default Virtual Host Certificate
  •   Upgrade Internal RSA Authentication Manager Certificates to SHA-256
  •   Enable Strict TLS Mode
•   Troubleshooting
  •   Troubleshooting Common Error Messages
  •   Common Error Messages
    •   13003 Authentication Lockout Event
    •   16044 Access Database
    •   16075 Initialize Permissions
    •   16089 Denial of Service
    •   16112 Remove Orphaned Principals
    •   16262 Batch Cleanup Orphaned Prinicpals Limit Hit
    •   16264 Mark Find Prinicpal Across IdentitySource Failure
    •   16265 Determine Related Identity Source
    •   16294 Identity Source GET Connection Failed
    •   16296 Track User in Replica Failed
    •   16297 Build Related Identity Source Cache Failed
    •   16329 Read Inactive Users
    •   20056 Insufficient Privilege
    •   20063 Authentication Manager Agent Clear NodeSecret
    •   20214 Authentication Manager Configuration Update Failed
    •   20239 Export Data to File
    •   20240 Generate Export Security Package
    •   23002 Authentication Unsupported Protocol
    •   23005 Authentication Node Verification
    •   23008 Authentication Principal Resolution
    •   23017 OA Data Download Failed
    •   23021 Authentication Manager Next Tokencode Activated
    •   23026 Autoreg Verify Nodesecret
    •   23036 Autoreg Verify Nodesecret
    •   23038 Autoreg DHCP Error
    •   23039 Autoreg Clear Nodesecret
    •   23071 Auth Failed Bad Tokencode Good PIN
    •   23072 Auth Failed Bad PIN Good Tokencode
    •   23073 Auth Failed Bad PIN Previous Tokencode
    •   23080 Authentication Agent Doesn't Accept SecurID
    •   23089 TR R Via Principal Not Discovered
    •   23090 TR R Via OTP Verification Fail
    •   23091TR R Via OTP Node Secret Unavailable
    •   26011 Process Referential Integrity Messages
    •   26041 Adjudicator Clock Setback
•   RSA Authentication Manager Log Messages
•   Viewing Troubleshooting Files
  •   Download Troubleshooting Files
  •   View the Progress Monitor
•   Replication
  •   Replica Instance
  •   Primary Instance
  •   Generate a Replica Package
  •   Attach the Replica Instance to the Primary Instance
  •   Replica Instance Promotion for Disaster Recovery
  •   Promote a Replica Instance for Disaster Recovery
  •   Replica Data After Promotion
  •   Check Replication Status
  •   Replication Status
  •   Replica Instance Synchronization
  •   Synchronize a Replica Instance
  •   Delete a Replica Instance
•   Promotion for Maintenance
  •   Promotion for Maintenance
  •   Promote a Replica Instance Using Promotion for Maintenance
  •   View the Next Steps for Promotion for Maintenance
  •   View the Progress Monitor for Promotion for Maintenance
  •   Restore Administration on the Primary Instance
  •   Manually Reset the Original Primary Instance as a Replica Instance
  •   Start and Synchronize the Original Primary Instance
•   Disaster Recovery
  •   Disaster Recovery Situations
  •   Hardware Appliance System Image Installation
  •   Locally Install the Original System Image on a Hardware Appliance
  •   Remotely Install the Original System Image on a Dell Hardware Appliance
  •   Remotely Install the Original System Image on an Intel Hardware Appliance
  •   Super Admin Restoration
  •   Restore the Super Admin
•   Backup and Restore
  •   Create a Backup Using Back Up Now
  •   Create a Backup Using Schedule Backups
  •   Restore from Backup
  •   Delete Backups
•   Web Tiers
  •   Web-Tier Deployments
  •   Add a Web-Tier Deployment Record
  •   Generate a Web-Tier Deployment Package
  •   View Web-Tier Deployments
  •   Web-Tier Status Definitions
  •   Update the Web-Tier
  •   Edit a Web-Tier Deployment Configuration
  •   Delete a Web-Tier Deployment Record
  •   Verify the Web-Tier Version
  •   Changing the IP Address of a Web-Tier Server
  •   Configure a Load Balancer and Virtual Host
  •   Update the Load Balancer and Virtual Host
  •   Disable a Load Balancer and Virtual Host
  •   Uninstall a Web Tier on Windows
  •   Uninstall a Web Tier on Linux
  •   Managing the Web-Tier Service
  •   Manage the RSA Web-Tier Bootstrapper Server on Windows
  •   Manage the RSA Web-Tier Bootstrapper Server on Linux
  •   Logout Error on the Self-Service Console in the Web Tier
•   System Date and Time
  •   Accurate System Date and Time Settings
  •   Update System Date and Time Settings
•   Application Trust
  •   Setting Up an Application Trust
  •   Add a New Application Trust Certificate
  •   Download an Application Trust Certificate
  •   View an Application Trust Certificate
  •   Edit an Application Trust Certificate
  •   Delete an Application Trust Certificate
•   Custom Logon Banners
  •   Custom Logon Banners
  •   Configure a Custom Console Logon Banner
  •   Configure a Custom SSH Logon Banner
  •   Remove a Custom Console Logon Banner
  •   Disable an SSH Custom Logon Banner
  •   Configure a Web-Tier Self-Service Console Logon Banner on Windows
  •   Configure a Web-Tier Self-Service Console Logon Banner on Linux
  •   Remove a Web-Tier Self-Service Console Logon Banner on Windows
  •   Remove a Web-Tier Self-Service Console Logon Banner on Linux
•   Custom Self-Service Console Web Pages
  •   Customize Self-Service Console Web Pages
  •   Revert Customized Self-Service Console Web Pages to the RSA Default Settings
•   Cache Maintenance
  •   Flush the Cache
  •   Cached System Objects
•   Operating System Access
  •   System Administrator Accounts
  •   Operating System Access
  •   Change the Operating System Account Password
  •   Edit Session Lifetime Settings for Operating System Access
•   RSA Authentication Manager Glossary