Is it possible to show the RSA SecurID login window only for challenged users? Others should have the standard Windows login with the possibility to use NLA.
I'm deploying the RSA SecurID solution only for administrative access. However, in my network we have some Windows Terminal Servers which allow access to SCADA systems from terminals not connected to the domain (the terminals have saved network credentials which allow them to connect to SCADA applications without user interaction). I want to allow terminals to connect to RDP without login, but administrators who belong to the RSA_Required group should log in with the RSA SecurID login.
Accepted Solutions
Hello Marek,
Kindly be advised that the normal behavior when we challenge users from the RSA control center is that the challenged users will be prompted for SecurID authentication and the non-challenged users will be able to authenticate with their Windows credentials only.
So kindly check and advise us back if there is any assistance needed from our side.
Best Regards,
Hello Hussein,
I opened a support request for this case and I got the same answer.
However, I think that this would be nice product functionality if it could allow a similar situation.
Now I can't use RSA login for administrators on some RDP production servers.
Thanks for the information and have a nice day.
Best Regards
Marek Kulczyk
Marek,
As Hussein indicated, when you protect a resource with a SecurID Authentication Manager agent, the RSA agent changes the Logon Credential Prompt to show the RSA logo and ask for a Passcode for everyone. Some of our older version agents allowed you to edit this display to say Password instead of Passcode, but again for everyone. I believe Engineering thought it best security practice to present as little information as possible on this logon screen, so as not to help hackers.
In order to have a dynamic prompt, the agent would need to ask for the UserID separately first, in order to evaluate whether the user was to be challenged for a Passcode, or not challenged and asked for just a Password. But if the agent did this, it would provide verification to a hacker that an account UserID existed, and which accounts were challenged and which were not.
So while RSA has the option to submit a Request for Enhancement (RFE) to ask for new functionality, I do not think Engineering would want to provide this because of security concerns. However, if you as a customer were willing to accept the risk of having this type of agent, it might be worth opening an RFE for this functionality, not by default but as something an administrator could configure.
Hope this explanation helps. Also, I believe there is an option to include your own company logo instead of RSA's.
Regards,
