Certified: November 30, 2022

Solution Summary

This section describes Fortra BoKS ServerControl integration with RSA SecurID (or ID Plus). Use this information to determine which use case and integration type your deployment will employ.

Use Case

Fortra BoKS ServerControl 8.1 end users will be challenged to authenticate with RSA SecurID to sign in once the integration is done successfully. The integration is done with RSA SecurID using RSA MFA API (REST) and the integration supports only RSA Authentication Manager.

The required authentication method for users in a BoKS protected domain can be configured based on user, service (ssh, su, and so on), to/from-host. On the BoKS master, the RSA Authentication Manager root CA certificate must be imported and communication settings to the RSA Authentication Manager must be specified.

A typical sequence for SecurID authenticated login includes the following steps:

1. The Server Agent queries the BoKS Manager for the authentication method to use for the tuple (service, user, host).
2. BoKS Manager responds with SecurID authentication method (indicating authentication with RSA Authentication Manager is configured).
3. The Server Agent sends login information to the RSA Authentication Manager.
4. The result from the RSA Authentication Manager (success/fail) is sent to BoKS Manager, which responds with success/failed login.

Integration Types

RSA MFA API (REST) integrations can provide a rich user interface with all RSA SecurID Access features within the partner application. Refer to the Supported Features section in this guide to see which features this partner application has implemented. 

Supported Features

This section shows all the supported features by integration type and by RSA components. Use this information to determine which integration type and which RSA component your deployment will use. The next section in this guide contains the instruction steps for how to integrate RSA with Fortra BoKS ServerControl 8.1 using each integration type.

Fortra BoKS ServerControl 8.1 Integration with RSA Cloud Authentication Service

Fortra BoKS ServerControl 8.1 Integration with RSA Authentication Manager

Authentication Methods	RSA MFA API (REST)	RADIUS	Authentication Agent
RSA SecurID		-	-
On Demand Authentication		-	-
Risk Based Authentication	-	-	-

	Supported
-	Not supported
n/t	Not yet tested or documented, but may be possible
n/a	Not applicable

Configuration Summary

This section contains instruction steps that show how to integrate Fortra BoKS ServerControl 8.1 with RSA SecurID using all of the integration types.

This document is not intended to suggest optimum installations or configurations. It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products in order to install the required components.

All RSA SecurID and Fortra BoKS ServerControl 8.1 components must be installed and working prior to the integration. It is recommended to perform the necessary tests to confirm all components are installed and configured properly.

The BoKS Server Agent hosts must be registered in the RSA Authentication Manager database.

Integration Configuration

RSA Authentication Manager

• RSA MFA API (REST)

Reference

• Login Screens

RSA Terminology Changes

The following table describes the differences in the terminologies used in the different versions of RSA products and components. 

Known Issues

No known issues.

Certification Details

RSA Authentication Manager 8.6, Virtual Appliance or later

RSA Software Token 3.0.5 Windows 7

BoKS ServerControl boks-server-8.1.0.2-2, boks-client-8.1.0.4-2, Red Hat EL 9.0