SecurID® Discussions
ManigandanJegan
Beginner

Integrate RSA secure ID & LDAP(AD)

Hey Guys,

I want to configure my current RSA 8 self-service to QR-based provisioning and wanted to let employees themselves register a token.

Problem: We currently manually create users -> assign active token -> set a PIN -> communicate PIN to users -> email token to users.

We know how to configure QR-based provisioning; the problem is we have to integrate Active Directory with RSA and enable the authentication method LDAP password/RSA token, so that employees can access their self-service console using their LDAP password or RSA token when they .

If I integrate LDAP and start referring to the external identity source, will this affect internal source users and the tokens assigned to them? How can LDAP be integrated without affecting the internal identity source? How can it be synchronized with existing users in the internal identity source?

I do not want to reassign tokens to external identity users who already have their token in the internal identity source.

3 Replies
jeffshurtliff
Administrator

Hi Manigandan,

I have moved this discussion to the RSA SecurID page so that you can get an answer to your question.

Thanks,

Jeff

EdwardDavis
Employee

OK... in general.

If you make a connection to AD in the RSA Security Console, you now have your internal database users with tokens already assigned, and also matching names in the AD connection with nothing assigned. You want to make the AD list of users the 'active one'?

Use the export users and tokens feature.

You can move users and tokens between identity sources this way.

[I can't go into the explicit details of every step, but using the help menu and the concept below, you'll be able to do it.]

- put the internal DB users you want to move to the AD connection into a group (create some new internal group)
- export users and tokens, and export this group
- make a backup of the system [in case things go sour from here on out, you can get everything back]
- now the users you exported are still active and still in the internal database, so you now delete the users from the internal database
- import users and tokens: import the file you just exported, and during import, point them to the AD connection. If the first name, last name, and user ID match what you have in the AD connection, the import will associate the user and tokens and PINs and everything to the AD connection.
- run the 'Imported users and tokens report' if you see any error messages when running the import job.
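Because the import only associates an exported user with an AD user when the first name, last name and user ID all match, and because the procedure deletes the internal-database users before the import runs, it is worth reconciling the export against the AD identity source before the delete step. The script below is an added example, not RSA's code or tooling: it compares a constructed export list with a constructed AD user list and sorts every exported user into a bucket (exact match, differs only by whitespace or case, same ID but different name, no AD entry). The CSV column names, the sample users and the assumption that the import's match is strict (so that a whitespace or case difference would fail) are all assumptions made for this example.

```python
"""Pre-import reconciliation for an RSA Authentication Manager identity-source
move (added example; not RSA's own code or tooling).

The import associates an exported user with an AD user only when first name,
last name and user ID all match, so every exported user is classified here
BEFORE anything is deleted from the internal database.  Column names, sample
users and the strict-match assumption are constructed for this example.
"""
import csv
import io
from dataclasses import dataclass
from typing import Dict, List

# Constructed stand-in for the "export users and tokens" output.  Only the
# three fields the import matches on (plus the token serial) are modelled.
EXPORTED_USERS_CSV = """\
userid,first_name,last_name,token_serial
jsmith,John,Smith,000123456789
adoe,Alice,Doe,000123456790
bwong, Bruce ,Wong,000123456791
clee,Chris,Lee,000123456792
mjones,Mary,Jones,000123456793
"""

# Constructed stand-in for the users visible through the AD identity source
# (sAMAccountName, givenName, sn).  sAMAccountName is unique per domain.
AD_USERS_CSV = """\
samaccountname,givenname,sn
jsmith,John,Smith
adoe,Alice,Doe
bwong,Bruce,Wong
clee,Christopher,Lee
"""


@dataclass(frozen=True)
class Person:
    userid: str
    first: str
    last: str


def _load(csv_text: str, id_col: str, first_col: str, last_col: str) -> List[Person]:
    rows = csv.DictReader(io.StringIO(csv_text))
    return [Person(r[id_col], r[first_col], r[last_col]) for r in rows]


def _loose(s: str) -> str:
    # Trimmed, case-folded key used only to detect near-misses.
    return s.strip().casefold()


def reconcile(export_csv: str, ad_csv: str) -> Dict[str, List[str]]:
    """Classify each exported user ID by how it would fare on import.

    exact          all three fields identical; the import should associate
    near_miss      differs only by whitespace/case (assumed to fail the
                   strict match; fix the export row or AD attribute first)
    name_mismatch  AD has the user ID but a different first/last name
    missing        no AD entry with that user ID at all
    """
    exported = _load(export_csv, "userid", "first_name", "last_name")
    ad_by_id = {p.userid: p for p in _load(ad_csv, "samaccountname", "givenname", "sn")}

    result: Dict[str, List[str]] = {
        "exact": [], "near_miss": [], "name_mismatch": [], "missing": []
    }
    for u in exported:
        ad = ad_by_id.get(u.userid)
        if ad is None:
            result["missing"].append(u.userid)
        elif ad == u:
            result["exact"].append(u.userid)
        elif (_loose(ad.first), _loose(ad.last)) == (_loose(u.first), _loose(u.last)):
            result["near_miss"].append(u.userid)
        else:
            result["name_mismatch"].append(u.userid)
    return result


def safe_to_delete(result: Dict[str, List[str]]) -> bool:
    """True only when every exported user would associate cleanly on import."""
    return not (result["near_miss"] or result["name_mismatch"] or result["missing"])


if __name__ == "__main__":
    buckets = reconcile(EXPORTED_USERS_CSV, AD_USERS_CSV)
    for name, ids in buckets.items():
        print(f"{name:14s} {', '.join(ids) or '-'}")
    print("safe to delete internal users:", safe_to_delete(buckets))
```

Run it against the real export (after trimming it to the same three columns) and the user list pulled from the AD identity source; proceed to the delete step only when the near-miss, name-mismatch and missing buckets are empty, and keep the backup Edward mentions regardless.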

JayGuillette
Apprised Contributor

This attached PowerPoint should get you started with LDAP external identity sources, especially how to map the base user DN, and failover.