Announcements

SecurID® Integrations

F5 BIG-IP APM 14.1 - RSA Ready SecurID Access Implementation Guide

Certified: June 18th, 2019

 

Solution Summary

This section describes the ways in which F5 BIG-IP APM can integrate with RSA SecurID Access. Use this information to determine which integration type your deployment will employ.

Use Case

When integrated, F5 BIG-IP APM users must authenticate with RSA SecurID Access. F5 BIG-IP APM can be integrated with RSA SecurID Access using RADIUS, SAML SSO Agent, Relying Party, Authentication Agent and Risk Based Authentication.

 

Integration Types

RADIUS integrations provide a text driven interface for RSA SecurID Access within the partner application. RADIUS provides support for most RSA SecurID Access authentication methods and flows.

SSO Agent integrations use SAML 2.0 or HFED technologies to direct users’ web browsers to RSA SecurID Access for authentication. SSO Agents also provide Single Sign-On using the RSA Application Portal.

Relying party integrations use SAML 2.0 to direct users’ web browsers to RSA SecurID Access for authentication. Primary authentication is configurable, so relying party can be a good choice for adding additional authentication (only) to existing deployments.

Authentication Agent integrations use an embedded RSA agent to provide RSA SecurID and Authenticate Tokencode authentication methods within the partner’s application. Authentication agents are simple to configure and support the highest rate of authentications.

Risk Based Authentication integrations use customized scripts to direct users’ browsers to RSA SecurID Access for authentication. Risk-Based Authentication leverages an Authentication Agent or RADIUS integration to sign in to the partner application.

Supported Features

This section shows all of the supported features by integration type and by RSA SecurID Access component. Use this information to determine which integration type and which RSA SecurID Access component your deployment will use. The next section contains the steps to integrate RSA SecurID Access with F5BIG-IP APM for each integration type.

 

F5 BIG-IP APM Integration with RSA Cloud Authentication Service

Authentication Methods

Authentication API

RADIUS

Relying Party

SSO Agent

RSA SecurID - ✔️ ✔️ ✔️
LDAP Password - ✔️ ✔️ ✔️
Authenticate Approve - ✔️ ✔️ ✔️
Authenticate Tokencode - ✔️ ✔️ ✔️
Device Biometrics - ✔️ ✔️ ✔️
SMS Tokencode - ✔️ ✔️ ✔️
Voice Tokencode - ✔️ ✔️ ✔️
FIDO Token n/a n/a ✔️ ✔️

 

F5 BIG-IP APM Integration with RSA Authentication Manager

Authentication Methods

Authentication API

RADIUS Authentication Agent
RSA SecurID - ✔️ ✔️
On-Demand Authentication - ✔️ ✔️
Risk-Based Authentication n/a ✔️ ✔️

 

✔️ Supported
- Not supported
n/t Not yet tested or documented, but may be possible.

​Configuration Summary

The following links provide instruction on how to integrate F5 BIG-IP APM with RSA SecurID Access.

This document is not intended to suggest optimum installations or configurations. It assumes the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products in order to install the required components. All RSA SecurID Access and F5 BIG-IP APM components must be installed and working prior to the integration.

 

​Integration Configuration

 

​Use Case Configuration

 

​Coexistence with AD Authentication and SSO Configuration

 

​Certification Details

Date of testing: June 3rd, 2019

RSA Cloud Authentication Service

RSA Authentication Manager 8.3, Virtual Appliance

RSA Authentication Agent API 8.1 for C

F5 BIG-IP APM 14.1, Virtual Appliance

 

Known Issues

No known issues.

You are here

RSA SecurID Access Implementation Guide > F5 BIG-IP APM 14.1 - RSA Ready SecurID Access Implementation Guide

Labels (1)
No ratings
Version history
Last update:
‎2021-03-05 06:32 PM
Updated by:
Article Dashboard