SecurID® Discussions
ChanKokWooi
Beginner

SecurID with AD Administrator account access

Hi, 

Can we link the SecurID appliance with AD on the Administrator account for Administrator access to manage the token administration?

How about the Operation access? Can it link with AD Administrator account?

 

Kindly advise.

 

Regards,

Kok Wooi CHAN

_EricaChalfin
Employee (Retired)

Chan Kok Wooi‌,

 

I've moved your question to the RSA SecurID Access space where it will be seen by the product's support engineers, other customers and partners.  Please bookmark this page and use it when you have product-specific questions.

 

Alternatively, from the RSA Customer Support page, click on Ask A Question on the blue navigation bar and choose Ask A Product Related Question.  From there, scroll to RSA SecurID Access and click Ask A Question.  That way your question will appear in the correct space.

 

Regards,

Erica

EdwardDavis
Employee

Security Console can be an administrator whose account is based in AD.

 

Operations Console cannot.

Operations Console accounts are stored internally and separate from the user database and all other accounts.

Edward Davis‌,

 

Given the option of a Security Console administrator being in the AD or in the local internal database, is one preferred over the other and if so, why?

 

Regards,

Erica


Hi Erica,

 

We have segregated AD Administrator ID and staff ID to manage route works. For IT administration to manage the IT security devices, we would like to use the assigned AD Administrator ID to perform administration work as it is one of IT compliance.

 

Kok Wooi


The administrator's user record can reside in AD, but there are a few caveats to keep in mind.  You must assign administrator roles to userids in the Security Console; you cannot automatically grant administrator privileges in AM using an AD group, for example.  Also, some Operations Console operations require you to present credentials for a userid with the SuperAdmin role.  That userid must be in the Internal Database, not in AD, and the required credentials use an RSA_Password not a token. Further, you must have some administrative userids in the Internal Database so that someone can access the Security Console in the event the connection to AD goes down.

Steven Spicer‌,

 

The comment that there would be no admin access to the Security Console if the AD goes down was exactly my concern about admins in the AD vs internal database.  Thank you for explaining.

 

 

Regards,

Erica