The RSA SecurID authentication process involves the interaction of three distinct products:
RSA SecurID authenticators, also known as tokens, which generate one-time authentication credentials for a user.
RSA Authentication Agents, which are installed on client devices and send authentication requests to the Authentication Manager.
RSA Authentication Manager, which processes the authentication requests and allows or denies access based on the validity of the authentication credentials sent from the authentication agent.
To authenticate a user with SecurID, Authentication Manager needs, at a minimum, the following information:
Contains a User ID and other personal information about the user (for example, first name, last name, group associations, if any). The user record can come from either an LDAP directory server or the Authentication Manager internal database.
Lists the name of the machine where the agent is installed. This record in the internal database identifies the agent to Authentication Manager and enables Authentication Manager to respond to authentication requests from the agent.
Enables Authentication Manager to generate the same tokencode that appears on a user’s RSA SecurID token.
RSA Authentication Manager software, authentication agents, and RSA SecurID tokens work together to authenticate user identity. RSA SecurID patented time synchronization ensures that the tokencode displayed by a user’s token is the same code that the RSA Authentication Manager software has generated for that moment. Both the token and the Authentication Manager generate the tokencode based on the following:
The token’s unique identifier (also called a “seed”).
The current time according to the token’s internal clock, and the time set for the Authentication Manager system.
To determine whether an authentication attempt is valid, the RSA Authentication Manager compares the tokencode it generates with the tokencode the user enters. If the tokencodes do not match or if the wrong PIN is entered, the user is denied access.
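The comparison described above, as an added example that is not part of the original documentation and is not RSA's code. HMAC-SHA256 stands in for the proprietary SecurID algorithm, and the 60-second interval, 6-digit length, record layout, sample seed and PIN are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

INTERVAL = 60  # assumed seconds per tokencode; not stated on the page
DIGITS = 6     # assumed tokencode length


def tokencode(seed: bytes, now: float) -> str:
    """Derive a tokencode from the seed and the current time interval.

    HMAC-SHA256 with RFC 4226-style truncation is a stand-in; it is not
    the SecurID algorithm.
    """
    counter = struct.pack(">Q", int(now) // INTERVAL)
    digest = hmac.new(seed, counter, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def authenticate(record: dict, pin: str, entered: str, server_now: float) -> bool:
    """Server side: regenerate the tokencode for this moment and compare."""
    expected = tokencode(record["seed"], server_now)
    # Evaluate both factors with constant-time comparisons so the result
    # does not reveal which one was wrong.
    pin_ok = hmac.compare_digest(pin.encode(), record["pin"].encode())
    code_ok = hmac.compare_digest(entered.encode(), expected.encode())
    return pin_ok and code_ok


# Constructed sample data (hypothetical record layout, seed and PIN).
RECORD = {"seed": bytes.fromhex("00112233445566778899aabbccddeeff"), "pin": "4821"}
T0 = 1_700_000_040  # constructed clock reading, start of an interval


def demo() -> dict:
    code = tokencode(RECORD["seed"], T0)  # what the user's token displays
    return {
        "clocks_in_sync": authenticate(RECORD, "4821", code, T0 + 30),
        "wrong_pin": authenticate(RECORD, "0000", code, T0 + 30),
        "server_clock_5_min_ahead": authenticate(RECORD, "4821", code, T0 + 300),
    }


if __name__ == "__main__":
    print(demo())
```

The third case shows why time synchronization matters: with the correct seed and PIN, a server clock in a different interval still produces a different tokencode and the attempt is denied.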
Authentication Manager software is scalable and can authenticate large numbers of users. It is interoperable with network, remote access, wireless, VPN, Internet, and application products. The following table describes key examples.
Product or Application
RSA SecurID provides secure authentication when used in combination with a VPN.
RSA SecurID operates with remote dial-in servers, such as RADIUS.
RSA SecurID protects access to web pages.
Authentication Manager includes an 802.1- compliant RADIUS server.
Secure access to Microsoft Windows: Authentication Manager can be used to control access to Microsoft Windows environments both online and offline.
Network hardware devices: Authentication Manager can be used to control desktop access to devices enabled for SecurID, such as routers, firewalls, and switches.