This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA SecurID® Access Discussions

Browse the SecurID Access discussion board to get product help and collaborate with other users of SecurID Access.
JohnMcKellep
Contributor
Contributor
‎2020-05-28 09:25 AM

User authentication during identity router update

If i have only 1 identity router in my cluster, when i do an update on it, will users still be able to authenticate using the app or will that function cease until the update is complete? We originally starting using the app to protect access to Office365 for users when they were off our corporate network. Now we use it more for 2 factor into our VPN which is protected by RSA Authentication Managers that now can use the RSA Authenticate App as a token. So does the authentication manager speak directly to the cloud for authentication or would it still go through the identity router?

Labels (1)
Labels
0 Likes
Reply
4 Replies
TedBarbour
Employee
Employee
‎2020-05-28 10:28 AM

John McKellep‌ - please see Identity Router Update Process

Users will not be able authenticate during the update. Your on-premise Identity Router brokers cloud service to LDAP and AM traffic.

Having more than one Identity Router is recommended for HA.

 

Hope that helps,

Ted

Reply
JohnMcKellep
Contributor
Contributor
In response to TedBarbour
‎2020-05-28 10:32 AM

Is it best to have multiple identity routers in one cluster or to have multiple clusters?

0 Likes
Reply
TedBarbour
Employee
Employee
In response to JohnMcKellep
‎2020-05-28 12:25 PM

Without an analysis of your network topology and requirements it is difficult to say for sure but recommend you read about Clusters. If you are only using a single IDR now the next logical step would be a single cluster of three IDRs to provide better resiliency to any single IDR outage. 

Note that details about your network should not be discussed here in a public forum.

Reply
TedBarbour
Employee
Employee
In response to TedBarbour
‎2020-05-28 04:34 PM

I should add if you are just using AM->Cloud with Authenticate App tokencodes or the PIN+Approve feature for your VPN then users would still be able to authenticate while the IDR is being updated. The IDR is not involved in either of those authentication use cases.

Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.