You can set up Multi-Factor Authentication (MFA) for NetWitness using one of the following methods:

ADFS Log in to NetWitness with SecurID Passcode

This method uses the Single Sign-On (SSO) functionality of NetWitness: the user authenticates through the ADFS login user interface with AD user credentials, followed by the SecurID passcode.

Note: This method is suitable only for single AD users.

Prerequisites

  • RSA NetWitness Platform (NW) version 11.4 or later

  • MS Active Directory Federation Services (ADFS) - MS Windows Server 2012 R2 or later

  • MS Active Directory (AD) – MS Windows Server 2008 R2 or later

  • RSA Authentication Manager (AM) 8.4 or later

  • RSA Authentication Agent for ADFS 1.0 or later

Perform the following configurations:

  1. Configure RSA Authentication Manager.
  2. Configure NetWitness.
  3. Configure ADFS.

Configure RSA Authentication Manager

Configure Active Directory as an Identity Source in RSA Authentication Manager using the steps described in the section Add an Identity Source.

Configure NetWitness

  1. Configure Active Directory for External Authentication to NetWitness using the steps described in the section Configure Active Directory.
  2. NetWitness must be configured for SSO using the steps described in the section Configure Single Sign-On.

Configure ADFS

ADFS must be configured for SSO in NetWitness. You must copy the exported metadata (see step 9 in Configure Single Sign-On) to ADFS and perform the following steps:

  1. Go to Server Manager > Tools > ADFS management > Trust Relationships.

  2. On the right side, click Add Relying Party Trust > Start.

  3. Click Import data about the relying party from a file and select the metadata file.

  4. Click Next, and enter a display name.

  5. Click Next until the Close button is displayed.

  6. Ensure the Open the Edit Claim Rules option is selected.

  7. Click Close.

  8. In the Edit Claim Rules dialog, click Add Rule.

  9. In the Add Transform Claim Wizard dialog, click Next.

  10. Enter a claim rule name.

  11. In the Attribute Store drop-down menu, select Active Directory.

  12. In the Mapping of LDAP attributes table, select SAM-Account-Name on the left side and Name ID on the right side.

    Note: Only one mapping is required.

  13. Click Finish.

  14. Click Apply.

  15. Click OK.

Next, configure MFA in ADFS using the Authentication Agent. The agent is freely available at https://community.rsa.com/community/products/securid/authentication-agent-adfs. For more information on configuration, see RSA Authentication Agent 2.0.3 for Microsoft AD FS Administrator's Guide.
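
Steps 8 to 15 of Configure ADFS, scripted with the AD FS PowerShell module and followed by a read-back check of the resulting trust (an added example, not part of the NetWitness or RSA documentation). It assumes the relying party trust from steps 1 to 7 already exists; the display name NetWitness and the rule name are placeholders.

```powershell
# Added example; not from the NetWitness or RSA documentation.
# Assumes: elevated session on the primary AD FS server, and that the relying
# party trust from steps 1-7 already exists under the display name below.
$TrustName = 'NetWitness'   # placeholder: the display name entered in step 4

# Steps 8-13 in AD FS claim rule language: look up sAMAccountName in the
# Active Directory attribute store and issue it as the Name ID claim.
$NameIdRule = @'
@RuleTemplate = "LdapClaims"
@RuleName = "SAM-Account-Name to Name ID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";sAMAccountName;{0}", param = c.Value);
'@

$trust = Get-AdfsRelyingPartyTrust -Name $TrustName
if (-not $trust) { throw "Relying party trust '$TrustName' not found." }

# -IssuanceTransformRules replaces the trust's whole rule set, so the trust
# ends up with the single mapping that the note under step 12 says is enough.
Set-AdfsRelyingPartyTrust -TargetName $TrustName -IssuanceTransformRules $NameIdRule

# Read the trust back and check what a reviewer of this change would check.
$trust = Get-AdfsRelyingPartyTrust -Name $TrustName
$rules = $trust.IssuanceTransformRules
$checks = [ordered]@{
    'Trust enabled'            = $trust.Enabled
    'Issues Name ID'           = $rules -match 'claims/nameidentifier'
    'Source is sAMAccountName' = $rules -match ';sAMAccountName;'
    'Single transform rule'    = ([regex]::Matches($rules, '=>\s*issue\(')).Count -eq 1
}
$checks.GetEnumerator() | ForEach-Object { '{0,-26} {1}' -f $_.Key, $_.Value }
if ($checks.Values -contains $false) {
    throw 'Claim rule configuration does not match the procedure.'
}
```

Because the rule set is replaced rather than appended to, any other transform rules already on the trust are removed; export them first if they need to be kept.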

PAM SecurID Log in to NetWitness for AD Users

In this method, only the SecurID passcode is required to authenticate to NetWitness. RSA Authentication Manager handles the authentication to AD without requiring the password from the user.

After the configuration, the user registered in the Active Directory can log in to NetWitness using the SecurID passcode.

Prerequisites

  • RSA NetWitness Platform (NW) version 11.0 or later

  • MS Active Directory (AD) – MS Windows Server 2008 R2 or later

  • RSA Authentication Manager (AM) 8.2 or later

Perform the following configurations:

  1. Configure RSA Authentication Manager.
  2. Configure NetWitness.

Configure RSA Authentication Manager

Configure Active Directory as an Identity Source in RSA Authentication Manager using the steps described in the section Add an Identity Source.

Configure NetWitness

Complete the additional RSA Authentication Manager and NetWitness configuration as described in the section Configure PAM Login Capability.