This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
XiaoyanZhong
Beginner
Beginner
‎2019-10-16 04:45 PM

Are there RSA SecurID Access hardware tokens for Mac OS desktop?

Hi there,

 

All documentation I saw are about RSA SecurID Access software tokens for MAC OS desktops, I have been wondering if there are RSA SecurID Access hardware tokens for MAC OS desktops? I'll be appreciated if anyone could give me detailed information about this. RSA SecurID Access" data-type="spaceRSA Authentication Manager" data-type="space

 

Thank you.

Labels (1)
Labels
0 Likes
Reply
5 Replies
SrirangaPrasan1
Employee
Employee
‎2019-10-17 05:34 AM

Just a clarification, when you say hardware token the reference made is here for tokens of type SID 800 which come with a USB.

pastedImage_1.png

SID 800 hardware tokens are not supported on MAC OS desktops.

 

-Sri

0 Likes
Reply
XiaoyanZhong
Beginner
Beginner
In response to SrirangaPrasan1
‎2019-10-17 02:13 PM

Hi Sriranga,

 

Thank you very much for your prompt reply. What about SID 700, the ones without USB (as shown below). I wonder if tokens of this version are supported on MAC OS desktop. 

RSA hardware token SID 700.png 

Thank you.

0 Likes
Reply
_EricaChalfin
Employee (Retired) Employee (Retired)
Employee (Retired)
In response to XiaoyanZhong
‎2019-10-17 03:53 PM

Xiaoyan Zhong‌,

 

Both the SID700 and SID800 would work in the same way. 

 

First you Assign a Hardware Token to a User and provide it to them in a secure fashion.

 

At this point the token does not have a PIN associated with it.  How all of this would work is related to your token policies, so be sure to read up on that.

 

PINs can be set in the Self-Service Console or through the authentication device you have configured.  Authentication devices can be an  RSA Authentication Agent, a RADIUS client, or one of the many third-party devices listed in the RSA Ready space.  Some devices allow what we call New PIN Mode where you are prompted to create then use a PIN.  Others do not, so be sure to read the implementation documentation carefully.

 

To set the PIN through a Cisco VPN, for example, 

  1. Have the end user launch the VPN client.
  2. If not populated, the user keys in their user name.
  3. At the Passcode prompt, the user enters the digits they see on the token.
  4. The next screen will ask for a new PIN and to then verify the PIN, with a note that the PIN must be between 4 and 8 characters to continue.  Let's say your end user creates a PIN of 11111111.  When ready, the end user clicks Continue.
  5. A success box appears with the message A new PIN has been generated for you.
  6. The next message is the system asking for the next tokencode.  When you are asked for the next tokencode, wait for the next tokencode to appear on your hardware token and enter that number.
  7. The next prompt will be to enter the passcode.  A passcode is the PIN you created and the tokencode.  Remember, we said your end user created a PIN of 11111111.  The tokencode on the hardware token rolls over and is 22222222.  For the passcode your end user would enter 1111111122222222.  For subsequent authentications, the end user authenticates using 1111111 and whatever digits they see on the token.

 

Regards,

Erica

0 Likes
Reply
EdwardDavis
Employee
Employee
In response to SrirangaPrasan1
‎2019-10-17 04:34 PM

To further clarify:

 

SID700 and SID800 as far as tokencodes go, simply display codes you can use with a pin, as a password on a login page or VPN.

 

The SID700 is a self-contained device and works -anywhere- as it does not plug into anything. You simply read the code and type it out when needed as a pin+tokencode 'passcode'.

 

The SID800 is also self-contained and works -anywhere- just like a SID700, but it also has a USB connector which gives two added features the SID700 does not have:

 

a) automatic tokencode detection or 'connected authenticator'

 

for some VPN clients, they have dll's which detect if a SID800 is connected, it can fetch the current tokencode for you, so when accessing a VPN login on the same device, you may be able to type the PIN only, and the VPN client or login page supplies the rest of the code automatically...saving time typing out those six digit tokencodes. MACs don't have this though.

 

b) smartcard

 

RSA Remote Access Client 3.6 (RAC) is software from RSA which runs on windows, and it manages the other half of the SID800 USB connection, which is a flash storage smartcard, completely separate from the tokencode chip. If you use smartcard certificates to boot systems, or otherwise use certificates for secure logins, RAC allows you to manage the certificate storage part of the SID800. RSA does not have a RAC for MACs.

 

 

What is available for MAC OS is RSA Software Token application, which can install a software token seed generated by RSA Authentication Manager, and then the application can display tokencodes/passcodes that you can use for logins much like a SID700. 

https://community.rsa.com/community/products/securid/software-token-mac 

Reply
XiaoyanZhong
Beginner
Beginner
In response to EdwardDavis
‎2019-10-17 05:36 PM

Hi Erica,

 

Thank you very much for the detailed information. Now I am sure both SID700 and SID800 hardware tokens won't be supported by MAC OS desktop then. It seems like purchasing separate RSA SecurID software token seed records for MAC OS X, working together with the RSA Authentication Manager and RSA Software Token application for the phone and the desktop is the only choice if we want to use RSA MFA for MAC OS desktops.

 

Thanks,

Xiaoyan

0 Likes
Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.