Manage My Page
SecurID My Page is a web portal that provides a secure way to manage your authenticators and access your applications.
Each user can use My Page to register:
- One device that supports Android, iOS, or Windows.
- Up to five SecurID 700 hardware OTP credentials or RSA DS100 OTP credentials.
- One FIDO authenticator.
Authenticator | Configuration Impact |
---|---|
Android, iOS, or Windows | After you enable My Page, SecurID Authenticator app (iOS, Android, or Windows) users use My Page to register their devices using multifactor authentication and QR or numeric registration codes. Custom mobile app users can register iOS or Android devices using My Page according to your instructions. |
SID 700 hardware OTP credential | Users must go to My Page to register or activate their SID 700 hardware OTP credentials. |
FIDO | If, after enabling My Page, you are using security keys as FIDO authenticators, you can register your FIDO authenticator during authentication the first time you attempt to use your authenticator. Note: Windows Hello or Android phone authenticators cannot be registered during first time authentication. To enable registration for all FIDO authenticators, you must enable both My Page and FIDO authenticator registration on Access > My Page. After both functions are enabled, users can no longer register FIDO authenticators during authentication. |
RSA DS100 FIDO and OTP credentials | Users must go to My Page and follow the on-screen instructions to register their RSA DS100 FIDO and OTP credentials. |
You can select the primary authentication method and the policy used for additional authentication for signing into My Page. You can enable and configure My Page.
Before you begin
- You must be a Super Admin in the Cloud Administration Console.
- Know which access policy to use for additional authentication.
  Confirm that the access policy contains authentication methods that are not used for primary authentication. If you are not already using SMS or Voice OTP, contact your SecurID sales representative for additional information.
  If you require users to register their FIDO authenticators using My Page, confirm that the access policy does not require a FIDO authenticator.
- If you want to use a third-party identity provider for primary authentication, it must be created.
- (Optional) Select your company logo to display in My Page. The image file must be JPG or PNG format, and no larger than 50 KB. The maximum logo size is 220 x 80 pixels. The same logo can also be used to display on additional authentication prompts.
- (Optional) Select a background image to display in My Page. The image file must be JPG, PNG, or GIF format, and no larger than 512 KB.
Set Up My Page Self Service
Procedure
- In the Cloud Administration Console, click Access > My Page.
- Select Enable under Self Service to enable My Page.
- In the Authentication section, in the Primary Authentication Method drop-down list, select the authentication method to use. Note the following:
  - If you select FIDO, note that you cannot complete registration when authenticating for the first time with FIDO as a primary authentication method. Be sure that you can first complete registration by accessing an application or My Page that requires FIDO as additional authentication. You can then use FIDO authenticators as primary authentication for this application.
    If you want to allow Emergency Access Code as a replacement for FIDO (for example, if a user lost the FIDO authenticator), select Allow Emergency Access Code to replace FIDO. Emergency Access Code does not need to be in an assurance level to use it for primary authentication.
    If you select the Emergency Access Code option, consider the following additional authentication implications:
    - If Emergency Access Code is an authentication option based on the selected access policy, the user is granted access to the protected resource after entering the Emergency Access Code one time and is not prompted for the Emergency Access Code twice.
    - If Emergency Access Code is not an authentication option in the selected access policy, the user is prompted for additional authentication based on the policy.
  - If you select Performed by Cloud Identity Provider, select the Cloud Identity provider from the list.
- In the Access Policy for Additional Authentication drop-down list, select the access policy to apply if primary authentication succeeds.
  If you selected Performed by Cloud Identity Provider in the previous step, you might want to select an access policy that does not require additional authentication, so users are automatically authenticated to My Page by the Cloud Identity provider.
- If you want to allow users to delete their authenticators in My Page (for example, when they get new mobile devices and need to complete registration), leave the box selected. If not, clear the Users can delete authenticators in My Page box.
  If you clear the box, administrators can delete users' current authenticators as described in Manage Users for the Cloud Authentication Service.
- If you want to allow users to register FIDO authenticators in My Page, select Allow users to register FIDO authenticators on My Page and select the authenticators allowed. You must select at least one FIDO authenticator. My Page must also be enabled.
- If you want to allow users to register RSA DS100 authenticator for FIDO and OTP credentials, select Allow users to register RSA DS100 authenticators on My Page.
  - Select OTP Credential if you want to allow users to register RSA DS100 OTP credential.
  - Select FIDO Credential if you want to allow users to register RSA DS100 FIDO credential.
- To allow users to register mobile authenticators in My Page, select Allow users to register selected authenticators on My Page and select at least one mobile authenticator from the list. My Page must also be enabled.
  If you select Custom App, make sure you add the app to the Cloud Authentication Service. For instructions, see FIDO Authentication and Custom App Authentication.
- To have Cloud Authentication Service automatically send emails to users when they complete registration with an iOS, Android, or Windows device, add or delete additional accounts, or delete registered devices, click Device Registration & Deletion Emails and follow the instructions on that page.
- (Optional) To redirect users to a specific URL after they sign out of My Page, enter the URL in the Logout URL field.
  If you do not specify a URL, users are redirected to the My Page URL. Note that this field is available only if you have selected Performed by Cloud Identity Provider as the Primary Authentication Method.
- (Optional) To redirect users to a specific URL after they encounter an error, enter the URL in the Error URL field.
  If you do not specify a URL, users are redirected to the logout URL or the My Page URL (if the logout URL is not specified). Note that this field is available only if you have selected Performed by Cloud Identity Provider as the Primary Authentication Method.
- To configure My Page for single sign-on in an unsolicited response flow, copy the Assertion Consumer Service (ACS) URL for Unsolicited Responses value into your identity provider configuration settings.
- Click Save.
Set Up Single Sign-On Portal
Single Sign-On (SSO) configuration settings provide administrators with the ability to manage user authorization required to access applications and user sessions.
Procedure
- In the Cloud Administration Console, click Access > My Page.
- Click the Single Sign-On (SSO) tab.
- Select Enable under SSO Portal Settings to enable My Applications on My Page.
- In the Authentication section, in the Primary Authentication Method drop-down list, select the authentication method to use. Note the following:
  - If you select FIDO, note that you cannot complete registration when authenticating for the first time with FIDO as a primary authentication method. Be sure that you can first complete registration by accessing an application or My Page that requires FIDO as additional authentication. You can then use FIDO authenticators as primary authentication for this application.
    If you want to allow Emergency Access Code as a replacement for FIDO (for example, if a user lost the FIDO authenticator), select Allow Emergency Access Code to replace FIDO. Emergency Access Code does not need to be in an assurance level to use it for primary authentication.
    If you select the Emergency Access Code option, consider the following additional authentication implications:
    - If Emergency Access Code is an authentication option based on the selected access policy, the user is granted access to the protected resource after entering the Emergency Access Code one time and is not prompted for the Emergency Access Code twice.
    - If Emergency Access Code is not an authentication option in the selected access policy, the user is prompted for additional authentication based on the policy.
  - If you select Performed by Cloud Identity Provider, select the Cloud Identity provider from the list.
- In the Access Policy for Additional Authentication drop-down list, select the access policy to apply if primary authentication succeeds.
  If you selected Performed by Cloud Identity Provider in the previous step, you might want to select an access policy that does not require additional authentication, so users are automatically authenticated to My Page by the Cloud Identity provider.
- In the User Sessions section, provide the session duration and inactivity timeout in minutes. After the specified duration or inactivity timeout, users will be signed out. The default values for Session Duration and Inactivity Timeout are 60 minutes and 10 minutes respectively.
- Select the Limit Concurrent Sessions to check box and enter a value to restrict the number of concurrent logins. No further user logins are allowed after this limit is reached. The value must be between 1 and 99. If you do not select this check box, unlimited concurrent logins will be allowed.
- To require users to sign in again if the system detects that the IP address has changed within the same sign-in session, select Validate Session IP Address. This option can help to prevent unauthorized use of a sign-in session. If this setting is blank, a user can change IP addresses within the same session without being prompted to sign in again. This can be useful, for example, to accommodate users moving from workplace to home and changing IP addresses as a result.
- (Optional) If you want to redirect users to a specific URL after they sign out of My Page, enter the URL in the Logout URL field.
  If you do not specify a URL, users are redirected to the My Page URL. Note that this field is not available if you select Password, SecurID, or FIDO as the primary authentication method.
- (Optional) If you want to redirect users to a specific URL after they encounter an error, enter the URL in the Error URL field.
  If you do not specify a URL, users are redirected to the logout URL or the My Page URL (if the logout URL is not specified). Note that this field is not available if you select Password, SecurID, or FIDO as the primary authentication method.
- If you are configuring My Page for single sign-on in an unsolicited response flow, copy the Assertion Consumer Service (ACS) URL for Unsolicited Responses value into your identity provider configuration settings.
- Click Save.
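
The User Sessions settings in this procedure (Session Duration, Inactivity Timeout, Limit Concurrent Sessions to, and Validate Session IP Address) interact, and a small model makes the combined behavior easier to reason about before you choose values. The following Python is an added example, not SecurID code: the class and method names are hypothetical, and it assumes the concurrent limit is counted per user and that a session ends as soon as a timer reaches its configured value.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class SsoSessionSettings:
    session_duration_min: int = 60           # default stated on this page
    inactivity_timeout_min: int = 10         # default stated on this page
    concurrent_limit: Optional[int] = None   # None = check box cleared (unlimited)
    validate_session_ip: bool = False
    def __post_init__(self):
        if self.concurrent_limit is not None and not 1 <= self.concurrent_limit <= 99:
            raise ValueError("Limit Concurrent Sessions must be between 1 and 99")

@dataclass(eq=False)                         # identity-hashed so sessions fit in a set
class Session:
    user: str
    ip: str
    created: float                           # minutes on a constructed clock
    last_seen: float

class SessionStore:
    """Hypothetical model: per-user limit and >= boundaries are assumptions."""
    def __init__(self, settings: SsoSessionSettings):
        self.cfg, self.sessions = settings, set()

    def _expiry_reason(self, s, now):
        if now - s.created >= self.cfg.session_duration_min:
            return "session_duration"
        idle = now - s.last_seen >= self.cfg.inactivity_timeout_min
        return "inactivity_timeout" if idle else None

    def login(self, user, ip, now):
        # Expired sessions no longer count against the concurrent limit.
        self.sessions = {s for s in self.sessions if not self._expiry_reason(s, now)}
        active = sum(s.user == user for s in self.sessions)
        if self.cfg.concurrent_limit is not None and active >= self.cfg.concurrent_limit:
            return None                      # limit reached: no further login
        session = Session(user, ip, now, now)
        self.sessions.add(session)
        return session

    def check(self, s, ip, now):             # "ok", or why the user must sign in again
        reason = self._expiry_reason(s, now) if s in self.sessions else "signed_out"
        if not reason and self.cfg.validate_session_ip and ip != s.ip:
            reason = "ip_changed"
        if reason:
            self.sessions.discard(s)
            return reason
        s.last_seen = now
        return "ok"
```

With the page defaults, an active user is still signed out at minute 60, and a session left idle for 10 minutes ends earlier; enabling Validate Session IP Address adds a third way for a session to end.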
Manage Customization Settings
Customize the application portal and My Page using your company logo, icons, color, background image, and text that is specific to your organization and meaningful to your user audience.
Procedure
This is an optional procedure.
- Provide a Page Title. This will appear as the title on the browser when My Page is accessed.
- Provide a Company Display Name. This will appear on the Sign In page.
- Specify the button and border color as a hexadecimal value. For example, #FF0000.
- Upload Favicon to be displayed on the browser for My Page.
  If you do not specify an icon, the browser shows the SecurID icon. To delete an existing icon, click the minus sign.
- Click Upload Logo, and select the company logo to display in My Page.
  If you do not specify a logo, My Page contains only the SecurID logo. To delete an existing logo, click the minus sign.
- Upload Background Image. You can use this image to display your company’s Help Desk or other contact information.
- Click Save.
- (Optional) To preview your customized settings, click Preview.
- Click Publish Changes.
Note: Users can view the custom settings during the entire authentication flow.