- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
rsa radius
Hi,
I have a device which supports radius. I want to authenticte using securid .
Now confused about the two option
Click Save and Create Associated RSA Agent. This choice allows Authentication Manager to determine which RADIUS agent is used for authentication and to log this information. This option is required if you want to use risk-based authentication (RBA).
Click Save
and what is the below
f you created an associated RSA agent for this RADIUS client, you must configure the agent. why we have to do this
Thanks
- Tags:
- Agent
- Agents
- Auth Agent
- Authentication Agent
- Community Thread
- Discussion
- Forum Thread
- RSA SecurID
- RSA SecurID Access
- SecurID
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Hi,
RE: If you created an associated RSA agent for this RADIUS client, you must configure the agent
you don't actually need to configure anything on the agent page, simply save the page.
---
More about this and: a radius client alone, and a radius client with 'associated agent'
1) a radius client entry by itself, can allow radius clients to work, but you also need to edit an .ini file to make 'solo radius clients' work like that....(securid.ini file CheckUserAllowedByClient = 1 or 0)
2) set to zero, the system will ignore the fact you do not have a matching RSA agent entry for the radius client entry
3) however, CheckUserAllowedByClient = 1 is the default, and will not allow a radius client alone to allow access...as it is suggested to always create the corresponding RSA agent entry for any radius client entry.
A matching agent will allow you to do more advanced operations such as set Radius Profiles, or restrict access by user groups, or other operations you can choose on an RSA agent entry, which are not on the radius client page. CheckUserAllowedByClient=1 essentially means 'filter this login attempt through matching RSA agent page settings before allowing access-accept'
4) there is no disadvantage to simply always choose 'Save and create associated RSA agent'.
You do not need to do anything on the agent page, you can just save it.
But later, if you decide you want more control, the agent page is already there and you can make changes if needed.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Hi,
RE: If you created an associated RSA agent for this RADIUS client, you must configure the agent
you don't actually need to configure anything on the agent page, simply save the page.
---
More about this and: a radius client alone, and a radius client with 'associated agent'
1) a radius client entry by itself, can allow radius clients to work, but you also need to edit an .ini file to make 'solo radius clients' work like that....(securid.ini file CheckUserAllowedByClient = 1 or 0)
2) set to zero, the system will ignore the fact you do not have a matching RSA agent entry for the radius client entry
3) however, CheckUserAllowedByClient = 1 is the default, and will not allow a radius client alone to allow access...as it is suggested to always create the corresponding RSA agent entry for any radius client entry.
A matching agent will allow you to do more advanced operations such as set Radius Profiles, or restrict access by user groups, or other operations you can choose on an RSA agent entry, which are not on the radius client page. CheckUserAllowedByClient=1 essentially means 'filter this login attempt through matching RSA agent page settings before allowing access-accept'
4) there is no disadvantage to simply always choose 'Save and create associated RSA agent'.
You do not need to do anything on the agent page, you can just save it.
But later, if you decide you want more control, the agent page is already there and you can make changes if needed.
