SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.

Integrate RSA secure ID & LDAP(AD)

Hey Guys,


I want to configure my current RSA 8 self service to QR based provisioning & wanted to let employees themslef regiter a token.


Problem: We currently manully create users -> assign active token->set a pin -> communicate PIN to users -> email token to users


We knew how to configure QR based provisioning, the problem is we have to integrate Active directory to RSA & enable method of authentication to ldap password/RSA Token so that employees can access thier selfservice console using LDAP password or RSA token when they .


If i integrate LDAP and start referring the external identity source, will this affect internal source users and token assigned to them? how LDAP can be integrated without affecting internal identity source. how it can be synchronized with existing users in internal identity source

I do not want to reassign token to external identity users who are already have thier token in internal identity source

Labels (1)
3 Replies
Administrator Administrator

Hi Manigandan,


I have moved this discussion to the RSA SecurID" data-type="space​ page so that you can get an answer to your question.





OK... in general.


If you make a connection to AD in RSA security console, you now have your internal database users with tokens already assigned, and also matching names in the AD connection with nothing assigned. You want to make the AD list of users the 'active one'?


Use the export users and tokens feature.


You can move users and tokens between identity sources this way.


[I can't go into the explicit details of every step, but using the help menu and this concept below, you'll be able to do it.]


-put the internal db users you want to move to the AD connection into a group (create some new internal group)


-export users and tokens, and export this group


-make a backup of the system [in case things go sour from here on out, you can get everything back ]


-now the users you exported are still active and still in internal database, so you now delete the users from internal database


-Import users and tokens, import the file you just exported, and during import, point them to the AD connection. If the first name, last name, and userid matches what you have in the AD connection, the import will associate the user and tokens and pins and everything to the AD connection.


-Run a report 'Imported users and tokens report' if you see any error messages when running the import job.

Apprised Contributor Apprised Contributor
Apprised Contributor

This Attached PowerPoint should get you started with LDAP external Identity Sources, especially how to map the Base USER DN, and Failover