SecurID® Integrations
Certified: March 23, 2023
Solution Summary
This section describes Computer Security Products Inc. CSP Authenticator+ 4.00 integration with RSA SecurID (or ID Plus). Use this information to determine which use case and integration type your deployment will employ.
Use Case
CSP Authenticator+® provides two methods of User Authentication. It can be run either as a Safeguard SEEP (Security-Event-Exit-Process, see Figure 1), or as a Pathway Server (see Figure 2). Using either method, SEEP or Pathway Server controls the attempt to gain access to the system by requesting the user to enter a PIN and a tokencode. The information is encrypted and delivered to the RSA Authentication Manager where validation of the passcode takes place. If the RSA Authentication Manager grants the user, then the CSP Authenticator+ can automatically log the user on to the HPE NonStop system according to the appropriate user settings.
CSP Authenticator+ can be installed easily on the HPE NonStop server in minutes, requiring little technical expertise. The agent is configurable to include all users by default or exclude specified users.
Figure 1: CSP Authenticator+® configured as a Safeguard SEEP
Figure 2: CSP Authenticator+® configured as a Pathway Server
Integration Types
RSA MFA API (REST) integrations can provide a rich user interface with all RSA SecurID Access features within the partner application. Refer to the Supported Features section in this guide to see which features this partner application has implemented.
Supported Features
This section shows all of the supported features by integration type and by RSA SecurID Access component. Use this information to determine which integration type and which RSA SecurID Access component your deployment will use. The next section in this guide contains the instruction steps for how to integrate RSA SecurID Access with FortiGate using each integration type.
Computer Security Products Inc. CSP Authenticator+ 4.00 Integration with RSA Cloud Authentication Service
|
Authentication Methods |
RSA MFA API (REST) |
RADIUS |
Relying Party |
SSO |
|
RSA SecurID |
- |
- |
- | - |
|
LDAP Password |
- |
- |
- | - |
|
Authenticate Approve |
- |
- |
- | - |
|
Authenticate OTP |
- |
- |
- | - |
|
Device Biometrics |
- |
- |
- | - |
|
SMS OTP |
- |
- |
- | - |
|
Voice OTP |
- |
- |
- | - |
|
FIDO Security Key |
- | - | - | - |
Computer Security Products Inc. CSP Authenticator+ 4.00 Integration with RSA Authentication Manager
|
Authentication Methods |
RSA MFA API (REST) |
RADIUS |
Authentication Agent |
|
RSA SecurID |
 |
- |
- |
|
On Demand Authentication |
|
- |
- |
|
Risk Based Authentication |
- |
- |
- |
|
Supported |
| - | Not supported |
| n/t | Not yet tested or documented, but may be possible. |
| n/a | Not applicable |
Configuration Summary
This section contains instruction steps that show how to integrate Computer Security Products Inc. CSP Authenticator+ 4.00 with RSA SecurID using all the integration types.
This document is not intended to suggest optimum installations or configurations. It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products to install the required components.
All RSA SecurID and Computer Security Products Inc. CSP Authenticator+ components must be installed and working prior to the integration.
All the supported use cases of RSA SecurID Access with Computer Security Products Inc. CSP Authenticator+ require both server-side and client-side configuration changes. This section of the guide includes links to the appropriate sections for configuring both sides for each use case.
Integration Configuration
RSA Authentication Manager
Reference
RSA Terminology Changes
The following table describes the differences in the terminologies used in the different versions of RSA products and components.
|
Previous Version |
New Version |
Examples/Comments |
|---|---|---|
| Company ID | Organization ID | |
| Account | Credential | |
| Token | OTP Credential |
SecurID OTP Credential |
| Tokencode | OTP/Access Code |
SecurID OTP, SMS OTP, Voice OTP Emergency Access Code, Disable Access Code |
| Hardware Token | Hardware Authenticator | |
| Device Serial Number | Binding ID | |
| Device | Credential/Authenticator | |
| Device Registration Code | Registration Code | |
| Authenticate App | Authenticator App |
Known Issues
Non-interactive applications on a NonStop Server (such as FTP or ODBC) will not support New-PIN or Next-Token-Code modes. These applications do not provide interactive dialog for the prompts to be displayed and the replies to be entered. A work-around would be to first logon an interactive application such as TACL (Tandem Advanced Command Language) when the user/token is in New-PIN or NextToken-Code mode.
Certification Details
RSA Authentication Manager 8.7, Virtual Appliance or later
CSP Authenticator+ 4.00, HPE NonStop Server
Host OS, L20.05, L21.XX, L22.XX, HPE NonStop Server
