This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
ScottHudson
Beginner
Beginner
‎2017-09-08 11:30 AM

Active Directory integration for Self Service portal

I've gotten SecurID set up, tokens added, and have my AD server set as a Identity Source.  I can query it and get a list of users in the Security Console.

 

When I go to set up Self Service -> Select Identity Source.  The AD identity source does not show up.  I feel like I am missing a step some where.  I've attempted to log into the Self Service portal using my AD account which has a token associated with it.

 

Can anyone help?

Labels (1)
Labels
0 Likes
Reply
11 Replies
_EricaChalfin
Employee (Retired) Employee (Retired)
Employee (Retired)
‎2017-09-08 12:35 PM

Scott Hudson‌,

 

It sounds like you have the identity source linked successfully to the system (Setup > Identity Sources > Link Identity Source to System).

 

I can see where you'd think there should be a drop down listing all identity sources under Setup >Self-Service Settings and clicking on Select Identity Sources, but try manually entering the FQDN of the identity source, as shown here and clicking Save.

 

pastedImage_8.png

 

Regards,

Erica

0 Likes
Reply
ScottHudson
Beginner
Beginner
In response to _EricaChalfin
‎2017-09-13 10:25 AM

Erica,

 

Thanks for your help, but this didn't seem to work.  I tried the FQDN of our domain controller and also the Identity Source Name I used in the original setup.  If I got to Select User Groups, I don't see my AD identity source there either.  Any other ideas?

 

Scott

0 Likes
Reply
KevinDouglas
Respected Contributor Respected Contributor
Respected Contributor
In response to ScottHudson
‎2017-09-13 02:22 PM

For Self Service -> Select Identity Source area is just a friendly identifier...  See the hover over below.2017-09-13_141407.png

 

For Group information that is Internal Identity Source only...  From the help section of the page.

 

Note:  Users can request additional user group membership after enrolling in Self-Service, as long as the user group resides in the internal database.

0 Likes
Reply
ScottHudson
Beginner
Beginner
In response to KevinDouglas
‎2017-09-13 02:28 PM

I saw that too when I was following Erica's suggestion.  Any idea on how to link Active Directory to the self-service portal?  I have the identity source configured and can use it to assign tokens to users.  I can't find any documentation on how to link AD to self-service.  There must be some option buried somewhere I am missing.

0 Likes
Reply
TIFFANYIRELAND1
Beginner
Beginner
‎2017-09-13 04:39 PM

You can let users log in with their AD password by setting up the "Self-Service Console Authentication" option.

 

In the Security Console, navigate to "Settings" then "Self Service Settings", then under the "Customization" box in the lower left corner, select "Self-Service Console Authentication".

 

There you can adjust the way users can log into the self-service portal. You can use any combination of RSA_Password, LDAP_Password, and SecurID_Native (token).

 

(Example) Console Authentication Method: LDAP_Password/SecurID_Native

 

Word to the wise, have someone else test the settings, before you log out!

0 Likes
Reply
ScottHudson
Beginner
Beginner
In response to TIFFANYIRELAND1
‎2017-09-13 05:24 PM

Sorry this didn't work either.  The default is set to "RSA_Password/LDAP_Password/SecurID_Native" by default.  I just added "LDAP_Password" and no luck.  I reverted it back to the default.

 

Any other ideas?

0 Likes
Reply
RandyBelbin
Frequent Contributor Frequent Contributor
Frequent Contributor
‎2017-09-14 09:27 AM

With those default settings, you should be able to log into the Self Service Console using your AD credentials. Try using just your AD username (no domain) and your AD password.

0 Likes
Reply
ScottHudson
Beginner
Beginner
In response to RandyBelbin
‎2017-09-14 10:31 AM

That's what I've been doing.  No success.  Is there a log somewhere I can look at to see what is going on?

0 Likes
Reply
EdwardDavis
Employee
Employee
In response to ScottHudson
‎2017-09-14 10:40 AM

There is a difference between 'self service console' and what others call a 'Portal'.

 

You may be using SSP, which doesn't follow the setup recommendations that have been posted here, it is different.

 

Can you send a picture of the login page you are seeing (you can hide the URL we want to see the rest of the page though).

0 Likes
Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.