This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

Preventing end users from bypassing the RSA SecurID Access Cloud Authentication Service

Article Number

000036556

Applies To

RSA Product Set: SecurID Access

Issue

When the RSA Cloud Authentication Service is enabled for an application, it is important to make sure that end users cannot bypass the Service and access the application directly with weaker, or perhaps no authentication.

Task

Check your application's documentation and/or the application's Integration Guide on RSA Link to see if it has a configuration option that will enforce access using only a single authentication source.  Applications that support RADIUS or Relying Party or SAML single sign-on will typically prevent authentication by any other means, once those options are enabled.  However, when HTTP Federation or Trusted Headers are used, there will probably not be a built-in means within an application that prevents bypass of the RSA Cloud Authentication Service.

Resolution

An internal application or website protected by HTTP Federation or Trusted Headers can be limited to only accepting incoming connections from the RSA Identity Routers' proxy IP address, thereby denying access from any other source. This can be achieved with a firewall.
Tags (62)
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2021-04-23 02:38 PM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.