You can define a list of trusted locations that can be used to determine who can access applications and the application portal, and which assurance level to use for additional authentication. A trusted location is a specific address or a set of latitude/longitude coordinates with a radius of up to 1000 meters, kilometers, or miles, irrespective of national borders. If you use the Trusted Location attribute in an access policy, during authentication the user’s location is compared with all trusted locations in this list to find a match. The access policy specifies how to handle the user’s request, depending on if a match was found.
A Super Admin can perform these tasks:
Data Collection for Trusted Location
By default, RSA SecurID Access collects location data from users using HTML5 geolocation. This data is used by the Trusted Location attribute to evaluate users' authentication requirements when they try to access protected resources. RSA recommends that you leave data collection enabled. If location collection is disabled for your company, do not use the Trusted Location attribute in access policies. If you need to verify, in the Cloud Administration Console, click My Account > Company Settings and select the Company Information tab. Scroll down to see the Location Collection field.
​Add a Trusted Location
Procedure
- In the Cloud Administration Console, click Access > Trusted Locations.
- Click Add a Trusted Location.
- In the Trusted Location Name field, enter a unique name for this location. For example, Company Headquarters or Eastern Region Office.
-
In the Address field, type a complete or partial address and select a location from the Bing Maps auto-suggestion list. You can enter an exact location with a street address or only a town or city. For example, 176 Middlesex Turnpike, Bedford, MA, or Munich, Germany.
Note: If the address does not appear in the suggestion list, type the full address and click Search.
The map pinpoints the address and its radius. RSA SecurID Access uses Bing Maps to automatically convert the address you enter to latitude and longitude. If you are prompted for the longitude and latitude, perform these steps:
- Use an internet service to find the longitude and latitude coordinate for the address you are adding.
- In the Latitude and Longitude fields, enter the latitude and longitude using signed degree format DDD.dddddddd, with latitude from -90 to 90 and longitude from -180 to 180.
- In the Radius field, enter a radius value of 1-1000.
- In the Units field, select meters, kilometers, or miles.
- Click Save.
- (Optional) To publish the change and immediately activate it on the identity router, click Publish Changes.
​Delete a Trusted Location
After you delete a trusted location, that location is no longer used to determine authentication requirements in access policies that use the trusted location attribute.
Procedure
- In the Cloud Administration Console, click Access > Trusted Locations.
- Select Delete from the drop-down menu to the right of the trusted location you want to delete.
- Click Delete to confirm the action.
- (Optional) To publish the change and immediately activate it on the identity router, click Publish Changes.
You are here
Table of Contents > Access Policies > Configuring Access Policies > Add or Delete a Trusted Location
