This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
AnnePeterson
Beginner
Beginner
‎2016-11-15 11:47 AM

Does Authentication Manager support Microsoft's Managed Service Accounts or Group Managed Service Accounts?

Does the Authentication Manager support Microsoft's Managed Service Accounts or Group Managed Service Accounts?

 

Getting Started with Group Managed Service Accounts  

Labels (1)
Labels
0 Likes
Reply
5 Replies
EdwardDavis
Employee
Employee
‎2016-11-16 08:20 AM

Need more context...in what way are you asking ?

0 Likes
Reply
AnnePeterson
Beginner
Beginner
In response to EdwardDavis
‎2016-11-18 04:13 PM

for the AD bind account used to connect the auth manager to AD - does RSA support making this a managed service account?

0 Likes
Reply
EdwardDavis
Employee
Employee
In response to AnnePeterson
‎2016-11-21 09:13 AM

Well, not sure.

Our setup guide doesn't mention anything about it.

 

What is required is: the account name and password chosen for the AD connection has all permissions necessary to do all the functions on the DC that RSA needs from it (the top domain admin is guaranteed to have this).

 

If you find you have issues with managing LDAP users or groups on the RSA server, and the account connection is not 'the domain admin', then quickly switch to domain admin and retesting will sort out if it is permissions related.

 

If the account is dynamically changed or the password is changed, an RSA ops console admin needs to manually update the RSA server.

Reply
MichaelNork1
Beginner
Beginner
In response to EdwardDavis
‎2016-11-21 01:51 PM

Question: Are you suggesting that one create a Service Account with Top Level Domain Admin permissions to perform LDAP functions on the DC for the Authentication Manager?

0 Likes
Reply
EdwardDavis
Employee
Employee
In response to MichaelNork1
‎2016-11-21 03:25 PM

Many setups use a service account yes, with permissions needed for the RSA function to be able to read users and groups from AD and across the scope you set up.

 

It doesn't have to have full admin rights, but if you have problems with anything AD related, a quick test with admin rights will quickly nail down if the problem is that the service account doesn't have enough permissions.

0 Likes
Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.