This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
rsa_dave
New Contributor
New Contributor
‎2022-03-01 03:13 PM

RSA Auth Manager and Palo Alto MFA with AD

Hi all,

Firstly, Im pretty new to RSA Secure / Auth Manager.

Ive have been tasked with setting up MFA Radius based authentication from a Palo Alto firewall, with AD integration. 

Im unsure how this would hang together, in terms of the three entities involved. Does either the FW or RSA need to be joined to the AD domain?

Is it a case whereby RSA auth manager will receive the RADIUS / AD user request from the Palo FW, and proxy it into the AD environment?

Im may have explained this badly, but hopefully I have conveyed a general idea on my objective.

RSA v8.1.

Thanks.

0 Likes
Reply
1 Reply
FrankMiller
Occasional Contributor Occasional Contributor
Occasional Contributor
‎2022-03-02 05:54 PM

Hello Dave

  The Radius server on the AM 8.1 server is not going to proxy the Domain password to your Domain Controller. Radius is only used to transport the username and passcode to the AM server. You integrate the AM server with AD as an Identity Source only.

I am not a PA expert, so I am not sure if this functionality is available on a PA firewall. In the Cisco ASA you can setup AAA server groups for both AD and SecurID (either SDI or Radius). Then you can set a policy for a Primary and Secondary authentication using the two AAA server groups. The ASA sends the username and domain password to the DC and the username and passcode to the AM server.

0 Likes
Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.