Are there RSA SecurID Access hardware tokens for Mac OS desktop?
All documentation I saw are about RSA SecurID Access software tokens for MAC OS desktops, I have been wondering if there are RSA SecurID Access hardware tokens for MAC OS desktops? I'll be appreciated if anyone could give me detailed information about this. RSA SecurID Access" data-type="spaceRSA Authentication Manager" data-type="space
- Community Thread
- Forum Thread
- hardware tokens for mac os desktops
- RSA SecurID
- RSA SecurID Access
- rsa securid hardware token
- Token Auth
- Token Authentication
- Token Authenticator
- Token Authenticators
Just a clarification, when you say hardware token the reference made is here for tokens of type SID 800 which come with a USB.
SID 800 hardware tokens are not supported on MAC OS desktops.
Thank you very much for your prompt reply. What about SID 700, the ones without USB (as shown below). I wonder if tokens of this version are supported on MAC OS desktop.
Both the SID700 and SID800 would work in the same way.
First you Assign a Hardware Token to a User and provide it to them in a secure fashion.
PINs can be set in the Self-Service Console or through the authentication device you have configured. Authentication devices can be an RSA Authentication Agent, a RADIUS client, or one of the many third-party devices listed in the RSA Ready space. Some devices allow what we call New PIN Mode where you are prompted to create then use a PIN. Others do not, so be sure to read the implementation documentation carefully.
To set the PIN through a Cisco VPN, for example,
- Have the end user launch the VPN client.
- If not populated, the user keys in their user name.
- At the Passcode prompt, the user enters the digits they see on the token.
- The next screen will ask for a new PIN and to then verify the PIN, with a note that the PIN must be between 4 and 8 characters to continue. Let's say your end user creates a PIN of 11111111. When ready, the end user clicks Continue.
- A success box appears with the message A new PIN has been generated for you.
- The next message is the system asking for the next tokencode. When you are asked for the next tokencode, wait for the next tokencode to appear on your hardware token and enter that number.
- The next prompt will be to enter the passcode. A passcode is the PIN you created and the tokencode. Remember, we said your end user created a PIN of 11111111. The tokencode on the hardware token rolls over and is 22222222. For the passcode your end user would enter 1111111122222222. For subsequent authentications, the end user authenticates using 1111111 and whatever digits they see on the token.
To further clarify:
SID700 and SID800 as far as tokencodes go, simply display codes you can use with a pin, as a password on a login page or VPN.
The SID700 is a self-contained device and works -anywhere- as it does not plug into anything. You simply read the code and type it out when needed as a pin+tokencode 'passcode'.
The SID800 is also self-contained and works -anywhere- just like a SID700, but it also has a USB connector which gives two added features the SID700 does not have:
a) automatic tokencode detection or 'connected authenticator'
for some VPN clients, they have dll's which detect if a SID800 is connected, it can fetch the current tokencode for you, so when accessing a VPN login on the same device, you may be able to type the PIN only, and the VPN client or login page supplies the rest of the code automatically...saving time typing out those six digit tokencodes. MACs don't have this though.
RSA Remote Access Client 3.6 (RAC) is software from RSA which runs on windows, and it manages the other half of the SID800 USB connection, which is a flash storage smartcard, completely separate from the tokencode chip. If you use smartcard certificates to boot systems, or otherwise use certificates for secure logins, RAC allows you to manage the certificate storage part of the SID800. RSA does not have a RAC for MACs.
What is available for MAC OS is RSA Software Token application, which can install a software token seed generated by RSA Authentication Manager, and then the application can display tokencodes/passcodes that you can use for logins much like a SID700.
Thank you very much for the detailed information. Now I am sure both SID700 and SID800 hardware tokens won't be supported by MAC OS desktop then. It seems like purchasing separate RSA SecurID software token seed records for MAC OS X, working together with the RSA Authentication Manager and RSA Software Token application for the phone and the desktop is the only choice if we want to use RSA MFA for MAC OS desktops.