This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
KennethKirchner
Beginner
Beginner
‎2016-12-18 03:27 PM

Two-Factor support for admin and self-service console?

Jump to solution

My management is a bit bummed by the fact that even though we have converted a large percentage of our user accounts from username/password to 2-factor via the SecurID token, the management of these servers still relies on username and password. We still have to issue a password to users so they can manage their PINs. Since we are in a DoD environment and everyone has a CAC/PIV, isnt there some way to integrate this into the admin and self-service consoles?

Labels (1)
0 Likes
Reply
1 Solution

Accepted Solutions
_EricaChalfin
Employee (Retired) Employee (Retired)
Employee (Retired)
‎2016-12-19 08:34 AM

Jump to solution

Kenneth Kirchner‌,

 

To edit the authentication methods for the Security Console, login to the Security Console and select Setup > System Settings.  Under Console & Session Handling, click Security Console Authentication Methods.  From there you can select one or more authentication methods for accessing the Self-Service Console.  These are RSA Password, LDAP Password, SecurID Native (that is, a tokencode or passcode) and/or OnDemand.  Note that the different methods can be joined with various operators.  

 

pastedImage_8.png

 

For more information, be sure to click on the Help on this page link in the Security Console and review the information on how to configure Security Console Authentication Methods.  Before making such configuration changes, please do pay attention to the note on the page.  You don't want to accidentally lock out your administrators.

 

To edit the authentication methods for the Self-Service Console, from the Security Console, select Setup > Self-Service Settings. Under Customization, click on Self-Service Console Authentication.  From there you can select one or more authentication methods for accessing the Self-Service Console.  As with the Security Console, these are RSA Password, LDAP Password, SecurID Native (that is, a tokencode or passcode) and/or OnDemand.  Again, the different methods can be joined with various operators.

 

pastedImage_5.png

 

For more information, be sure to click on the Help on this page link in the Security Console and review the information on how to set the Authentication Method for the Self-Service Console.

 

Regards,

Erica

View solution in original post

0 Likes
Reply
4 Replies
EdwardDavis
Employee
Employee
‎2016-12-19 08:18 AM

Jump to solution

Yes. Security Console Authentication Methods allows you to remove the password and require 

token or on-demand token or any combo. Use the help menu for specific details.

 

Operations Console cannot use tokens, passwords only for this web interface.

Reply
_EricaChalfin
Employee (Retired) Employee (Retired)
Employee (Retired)
‎2016-12-19 08:34 AM

Jump to solution

Kenneth Kirchner‌,

 

To edit the authentication methods for the Security Console, login to the Security Console and select Setup > System Settings.  Under Console & Session Handling, click Security Console Authentication Methods.  From there you can select one or more authentication methods for accessing the Self-Service Console.  These are RSA Password, LDAP Password, SecurID Native (that is, a tokencode or passcode) and/or OnDemand.  Note that the different methods can be joined with various operators.  

 

pastedImage_8.png

 

For more information, be sure to click on the Help on this page link in the Security Console and review the information on how to configure Security Console Authentication Methods.  Before making such configuration changes, please do pay attention to the note on the page.  You don't want to accidentally lock out your administrators.

 

To edit the authentication methods for the Self-Service Console, from the Security Console, select Setup > Self-Service Settings. Under Customization, click on Self-Service Console Authentication.  From there you can select one or more authentication methods for accessing the Self-Service Console.  As with the Security Console, these are RSA Password, LDAP Password, SecurID Native (that is, a tokencode or passcode) and/or OnDemand.  Again, the different methods can be joined with various operators.

 

pastedImage_5.png

 

For more information, be sure to click on the Help on this page link in the Security Console and review the information on how to set the Authentication Method for the Self-Service Console.

 

Regards,

Erica

0 Likes
Reply
KennethKirchner
Beginner
Beginner
In response to _EricaChalfin
‎2016-12-19 11:58 AM

Jump to solution

Thanks, Erica! That is quite helpful!

0 Likes
Reply
DanielShriver
Contributor
Contributor
‎2019-08-28 11:09 AM

Jump to solution

Good Morning,

   We are having the same difficulty. Our Organization is beginning to roll out the Alternate Token Cards (ATC) for administrative accounts. So our "Administrators" won't technically have a password anymore and be forced to use their Token for Privilege elevation.  

 

I will need the RSA Authentication Manager Self Help Portal to be able to pass the credentials of the logged in user and/or prompt for a Certificate for authentication to LDAP.

 

I have put a support ticket in to assist. However, i am wondering if anyone else got this working?

 

Thank you

0 Likes
Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.