Manage My Page


SecurID My Page is a web portal that helps provide a secure way for users to manage their authenticators. Users can complete registration and delete their authenticators (if necessary).

You must enable My Page if you want to use it. You select the primary authentication method and the policy used for additional authentication for signing into My Page.

Each user can use My Page to register up to three authenticators: one device that supports Android, iOS, or Windows, one SID 700 hardware token, and one FIDO authenticator.

Authenticator Configuration Impact
Android, iOS, or Windows

After you enable My Page, SecurID Authenticate app users use My Page to register their iOS, Android, or Windows devices using multifactor authentication and QR or numeric registration codes.

Custom mobile app users can register iOS or Android devices using My Page according to your instructions.

SID 700 hardware token

You must ask RSA to enable this feature for your company. After enablement, users must go to My Page to register or activate their SID 700 hardware tokens.

FIDO

After you enable My Page, if you are using security keys as FIDO authenticators, all users can register their FIDO authenticators during authentication the first time they attempt to use their authenticators. However, Windows Hello or Android phone authenticators cannot be registered during first-time authentication.

To enable registration for all FIDO authenticators, you must enable both My Page and FIDO authenticator registration on Platform > My Page. After both functions are enabled, users can no longer register FIDO authenticators during authentication.

Before you begin

  • You must be a Super Admin in the Cloud Administration Console.
  • Know which access policy to use for additional authentication.

    Confirm that the access policy contains authentication methods that are not used for primary authentication and can be completed by the user without the SecurID Authenticate app, for example, SMS or Voice Tokencode. If you are not already using SMS or Voice Tokencode, contact your RSA sales representative for additional information.

    If you will require users to register their FIDO authenticators using My Page, confirm that the access policy does not require a FIDO authenticator.

  • (Optional) Select your company logo to display in My Page. The image file must be JPG or PNG format, and no larger than 50 KB. The maximum logo size is 220 x 80 pixels. The same logo can also be used to display on additional authentication prompts.

Procedure

  1. In the Cloud Administration Console, click Platform > My Page.

  2. Enable My Page.

  3. In the Authentication section, in the Primary Authentication Method drop-down list, select the authentication method to use. Note the following:

    • If you select FIDO, note that users cannot complete registration when authenticating for the first time with FIDO as a primary authentication method. Be sure that users can first complete registration by accessing an application or My Page that requires FIDO as additional authentication. Then users can use FIDO authenticators as primary authentication for this application.

      If you want to allow Emergency Tokencode as a replacement for FIDO (for example, if a user lost the FIDO authenticator), select Allow Emergency Tokencode to replace FIDO. Emergency Tokencode does not need to be in an assurance level to use it for primary authentication.

      If you select the Emergency Tokencode option, consider the following additional authentication implications:

      • If Emergency Tokencode is an authentication option based on the selected access policy, the user is granted access to the protected resource after entering the Emergency Tokencode one time and is not prompted for the Emergency Tokencode twice.

      • If Emergency Tokencode is not an authentication option in the selected access policy, the user is prompted for additional authentication based on the policy.

    • If you select Managed by Cloud Identity Provider, select the Cloud identity provider from the list.

  4. In the Access Policy for Additional Authentication drop-down list, select the access policy to apply if primary authentication succeeds.

    If you selected Managed by Cloud Identity Provider in the previous step, you might want to select an access policy that does not require additional authentication, so users are automatically authenticated to My Page by the Cloud identity provider.

  5. (Optional) In the Configuration section, click Upload Logo, and select the company logo to display in My Page.

    If you do not specify a logo, My Page contains only the SecurID logo. To delete an existing logo, click the minus sign.

  6. If you want the same logo to appear on pages used for additional authentication, select Use custom logo for additional authentication prompts. If you do not select this option, no logo appears during additional authentication.

  7. If you want to allow users to delete their authenticators in My Page (for example, when they get new mobile devices and need to complete registration), leave the Users can delete authenticators in My Page box selected. If not, clear the box.

    If you clear the box, administrators can delete users' current authenticators as described in Manage Users for the Cloud Authentication Service.

  8. If users will register FIDO authenticators in My Page, select Allow users to register FIDO authenticators on My Page and select the authenticators allowed. My Page must also be enabled.

  9. If users will register mobile authenticators in My Page, select Allow users to register selected mobile authenticators on My Page and select at least one mobile authenticator from the list. My Page must also be enabled.

    If you select Custom App, make sure you add the app to the Cloud Authentication Service. For instructions, see FIDO and Custom Authentication.

  10. If you want the Cloud Authentication Service to automatically send emails to users when they complete registration with the SecurID Authenticate app, add or delete additional accounts, or delete registered devices, click Device Registration & Deletion Emails and follow the instructions on that page.

  11. (Optional) If you want to redirect users to a specific URL after they sign out of My Page, enter the URL in the Logout URL field.

    If you do not specify a URL, users are redirected to the My Page URL. Note that this field is not available if you select Password, SecurID, or FIDO as the primary authentication method.

  12. (Optional) If you want to redirect users to a specific URL after they encounter an error, enter the URL in the Error URL field.

    If you do not specify a URL, users are redirected to the logout URL or the My Page URL (if the logout URL is not specified). Note that this field is not available if you select Password, SecurID, or FIDO as the primary authentication method.

  13. If you are configuring My Page for single sign-on in an unsolicited response flow, copy the Assertion Consumer Service (ACS) URL for Unsolicited Responses value into your identity provider configuration settings.

  14. Click Save.
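
Added example (not RSA code and not part of the original procedure): a preflight check that applies the prerequisites and step notes above to a planned My Page configuration, so that combinations which would leave users unable to register are caught before you click Save. The dictionary keys, method identifiers, the fido_registered_elsewhere flag, and the sample values are all assumptions made for this sketch; they do not correspond to a SecurID export format or API.

```python
# Added example: preflight lint for a planned My Page configuration.
# Dict keys and method identifiers are assumptions for this sketch,
# not a SecurID export format or API.

# Methods completable without the SecurID Authenticate app. The page names
# SMS and Voice Tokencode as examples; adjust the set for your deployment.
APP_FREE = {"sms_tokencode", "voice_tokencode"}
# Primary methods for which Logout URL and Error URL are not available.
NO_REDIRECT = {"password", "securid", "fido"}


def lint_my_page(cfg):
    """Return a list of findings for a planned configuration (empty = clean)."""
    out = []
    primary = cfg["primary_method"]
    policy = set(cfg.get("policy_methods", []))  # empty = no additional auth
    # Prerequisite: the policy needs a method that is not the primary method
    # and does not depend on the app the user is trying to register.
    usable = (policy & APP_FREE) - {primary}
    if policy and not usable:
        out.append("policy: no app-independent method distinct from primary")
    # Prerequisite: registering FIDO in My Page cannot itself demand FIDO.
    # "Requires FIDO" is modelled here as FIDO being the only method offered.
    if cfg.get("fido_registration") and policy == {"fido"}:
        out.append("policy: requires FIDO but FIDO is registered in My Page")
    # Steps 8 and 9: registration options need My Page to be enabled.
    wants_reg = cfg.get("fido_registration") or cfg.get("mobile_authenticators")
    if wants_reg and not cfg.get("enabled"):
        out.append("registration: My Page must also be enabled")
    # Step 3: FIDO as primary cannot be registered at first sign-in.
    if primary == "fido" and not cfg.get("fido_registered_elsewhere"):
        out.append("primary: FIDO needs a prior registration path")
    # Step 3: a Cloud identity provider must be chosen from the list.
    if primary == "cloud_idp" and not cfg.get("identity_provider"):
        out.append("primary: select the Cloud identity provider")
    # Steps 11 and 12: redirect fields are unavailable for these primaries.
    if primary in NO_REDIRECT and (cfg.get("logout_url") or cfg.get("error_url")):
        out.append("redirect: Logout/Error URL not available for this primary")
    return out


# Constructed sample inputs.
RISKY = {"enabled": True, "primary_method": "fido", "policy_methods": ["fido"],
         "fido_registration": True, "logout_url": "https://intranet.example/bye"}
SAFE = {"enabled": True, "primary_method": "password", "fido_registration": True,
        "policy_methods": ["sms_tokencode", "voice_tokencode"]}

if __name__ == "__main__":
    for finding in lint_my_page(RISKY):
        print(finding)
```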