SecurID® Integrations
- RSA Community
- :
- Products
- :
- SecurID
- :
- Integrations
- :
- Microsoft Outlook on the Web 2016 - RSA Ready SecurID Access Implementation Guide
-
Options
- Subscribe to RSS Feed
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Microsoft Outlook on the Web 2016 - RSA Ready SecurID Access Implementation Guide
Microsoft Corporation
Outlook on the Web 2016
Solution Summary
Use Case
When integrated, Microsoft Outlook on the web end users must authenticate with RSA SecurID Access to sign in. Microsoft Outlook on the web can integrate using RSA Authentication Agent for Web: IIS or RSA Authentication Agent for AD FS.
Integration Types
RSA Authentication Agent for Web: IIS allows you to protect selected web pages with RSA SecurID. The Web Agent software, residing on a web server (agent host), intercepts all user requests for protected web pages. When a user attempts to access a URL that RSA SecurID protects, the Web Agent requests the user name and passcode (which consists of an RSA SecurID PIN and the tokencode from the user’s authenticator) and passes them to RSA Authentication Manager for authentication. If the authentication is successful, the Web Agent stores the information in a cookie in the user’s browser. As long as the cookie remains valid, the user is granted access to protected web pages.
Visit the RSA Authentication Agent for Web: IIS page on RSA Link for documentation and downloads.
RSA Authentication Agent for AD FS is authentication software that connects your Microsoft Active Directory Federation Services (AD FS) server to RSA SecurID Access using the REST protocol to provide multifactor authentication capabilities for AD FS. When a user attempts to access an AD FS-protected resource, the user enters username and password credentials for primary authentication. Agent for AD FS then prompts the user to complete one or more additional authentication methods, depending on the configured authentication mode.
Agent for AD FS supports these authentication modes:
- RSA Authentication Manager. Connects the agent to an existing RSA Authentication Manager instance in your deployment, making the SecurID Token method available for user authentication. You use the Operations Console, Security Console, and Self-Service Console to manage identity sources, users, and tokens.
- Cloud Authentication Service. Connects the agent to the RSA SecurID Access Cloud Authentication Service, making the Authenticate Tokencode, Approve, Device Biometrics, SMS Tokencode, and Voice Tokencode methods available. If Authentication Manager is integrated with the Cloud Authentication Service, RSA SecurID Token can also be used to authenticate in this mode. You use the Cloud Administration Console to manage identity sources, users, access policies, and authentication methods.
Visit the RSA Authentication Agent for AD FS page on RSA Link for documentation and downloads.
Supported Features
This section shows all of the supported features by integration type and by RSA SecurID Access component. Use this information to determine which integration type and which RSA SecurID Access component your deployment will use.
Microsoft Outlook on the web integration with RSA Cloud Authentication Service
| Authentication Methods |
Web Agent |
AD FS Agent |
|---|---|---|
| RSA SecurID | n/a | ✔ |
| LDAP Password | n/a | ✔ |
| Authenticate Approve | n/a | ✔ |
| Authenticate Tokencode | n/a | ✔ |
| Device Biometrics | n/a | ✔ |
| SMS Tokencode | n/a | ✔ |
| Voice Tokencode | n/a | ✔ |
| FIDO Token | n/a | n/a |
Microsoft Outlook on the web integration with RSA Authentication Manager
| Authentication Methods |
Web Agent |
AD FS Agent |
|---|---|---|
| RSA SecurID | ✔ | ✔ |
| On Demand Authentication | ✔ | ✔ |
| Risk-Based Authentication | ✔ | n/a |
| ✔ | Supported |
| - | Not supported |
| n/t | Not yet tested or documented, but may be possible. |
| n/a | Not applicable |
