This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
DavidStreeter
Contributor
Contributor
‎2021-09-17 03:56 PM

Restricting token assignment between Security Domains

Jump to solution

Good afternoon,

 

Is it possible to restrict token assignment between Security Domains?

IE: User1 belongs to Security Domain1 and therefore can not be assigned a token from Security Domain2.

 

Thanks!

0 Likes
Reply
1 Solution

Accepted Solutions
StevenSpicer
Valued Contributor Valued Contributor
Valued Contributor
‎2021-09-20 09:36 AM

Jump to solution

You can scope the admin roles to specific Security Domains.  Don't get too granular, though, or you'll wind up with many, many roles to maintain. 

The HDAP (Help Desk Admin Portal) component of SecurID Access Prime can be be configured to do this automatically, so that HDAP admins only see users and tokens in the same Security Domain as the admin.

 

View solution in original post

0 Likes
Reply
2 Replies
StevenSpicer
Valued Contributor Valued Contributor
Valued Contributor
‎2021-09-20 09:36 AM

Jump to solution

You can scope the admin roles to specific Security Domains.  Don't get too granular, though, or you'll wind up with many, many roles to maintain. 

The HDAP (Help Desk Admin Portal) component of SecurID Access Prime can be be configured to do this automatically, so that HDAP admins only see users and tokens in the same Security Domain as the admin.

 

0 Likes
Reply
DavidStreeter
Contributor
Contributor
In response to StevenSpicer
‎2021-09-21 08:18 AM

Jump to solution

Thank you for the reply.

Is there an article that goes more in-depth in regards to using an administrative role to restrict the assignment of tokens outside of their designated security domain? 

We have a centralized help desk, so admins handle both users from SecurityDomain1 and SecurityDomain2. Will these admins require separate administrative accounts (within SecurityDomain1/SecurityDomain2) in order to enforce this restriction of assignment between the two security domains and maintain the ability to administrate within both security domains?

0 Likes
Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.