This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
ArthurSchneider
Beginner
Beginner
‎2020-05-04 12:14 PM

Expand HelpDesk Role

Is there a way to allow our help desk to view and modify "Next tokencode" and "Clear failed attempts" without giving them administrative  control using the Administrative Roles. and which function/area to give them permission.

Labels (1)
Labels
0 Likes
Reply
2 Replies
JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor
‎2020-05-04 05:34 PM

In order to logon to the Security Console, a user needs some Administrative role or their session will be terminated as soon as they authenticate successfully to the Security console, so what you need is some kind of minimal Help Desk Admin Role.

When you edit or create a new Admin role, the General Tab is where you manage what this role can do to Users,  

Enable-unlock.png

 

And the Authentication Tab is where you can configure what this role is allowed to do to Tokens

 

SC-Admin-Roles-HDesk-Edit_AuthPerm2.png

 

I think some combination of allowing edit or maybe just view of a User and / or Edit Token with just the minimal permissions might get what you are seeking.  I did not see manage next token code specifically, but re-synchronize token might be needed along with manage incorrect Passcode count. 

It's possible you could deny all User control to this role (not even View on General Tab), and force the Help Desk Admin to only have access to the Token by Serial Number, basically the stuff on the Authentication Tab.

0 Likes
Reply
StevenSpicer
Valued Contributor Valued Contributor
Valued Contributor
In response to JayGuillette
‎2020-05-06 10:16 AM

The Roles are additive, so if you only want to add these permissions to a few admins who already have a help desk Role, you can create a new Role with just these permissions and add that Role to the admins you want to boost.

Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.