You can define a list of trusted locations that can be used to determine who can access applications and the application portal, and which assurance level to use for additional authentication. A trusted location is a specific address or a set of latitude/longitude coordinates with a radius of up to 1000 meters, kilometers, or miles, irrespective of national borders. If you use the Trusted Location attribute in an access policy, during authentication the user’s location is compared with all trusted locations in this list to find a match. The access policy specifies how to handle the user’s request, depending on if a match was found.
Perform this task to add a trusted location to a list.
Note:By default, RSA SecurID Access collects location data from users using HTML5 geolocation. This data is used by the Trusted Location attribute to evaluate users' authentication requirements when they try to access protected resources. RSA recommends that you leave data collection enabled. If location collection is disabled for your company, do not use the Trusted Location attribute in access policies. If you need to verify, in the
Cloud Administration Console, click
My Account > Company Settings and select the
Company Information tab. Scroll down to see the Location Collection field.
Before you begin
You must be a Super Admin to perform this task.
In the Cloud Administration Console, click Access > Trusted Locations.
Click Add a Trusted Location.
In the Trusted Location Name field, enter a unique name for this location. For example, Company Headquarters or Eastern Region Office.
In the Address field, type a complete or partial address and select a location from the Bing Maps auto-suggestion list. You can enter an exact location with a street address or only a town or city. For example, 176 Middlesex Turnpike, Bedford, MA, or Munich, Germany.
Note:If the address does not appear in the suggestion list, type the full address and click Search.
The map pinpoints the address and its radius. RSA SecurID Access uses Bing Maps to automatically convert the address you enter to latitude and longitude. If you are prompted for the longitude and latitude, perform these steps:
Use an internet service to find the longitude and latitude coordinate for the address you are adding.
In the Latitude and Longitude fields, enter the latitude and longitude using signed degree format DDD.dddddddd, with latitude from -90 to 90 and longitude from -180 to 180.
In the Radius field, enter a radius value of 1-1000.
In the Units field, select meters, kilometers, or miles.
(Optional) To publish the change and immediately activate it on the identity router, click Publish Changes.