RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: All 8.x
Here is a simple walk through document on what to do to get Authentication Manager up and running.
Here is a simple walk through document on what to do to get Authentication Manager up and running. I will put that on my to do list. In the meantime, you have set up your Auth Manager primary (and replica) and imported your tokens. Next steps would be:
- Download your installation files, license and tokens from my.rsa.com.
- If you purchased hardware tokens, follow the steps in the article on the information on the RSA SecurID protected delivery program and how it will impact the token record media decryption process for customers. Note that when you decrypt the files, you only have one chance to do it. If you see errors, please contact the Customer Asset Management team to order new tokens.
- Follow the steps in the RSA Authentication Manager 8.7 Setup and Configuration Guide to perform Quick Setup on your primary and replicas then generate a replica package.
- Perform Quick Setup on your replica(s), using the replica package generated in Step 3. From the Operations Console Home tab, click the Replication Status link to confirm replication is healthy.
- Set up your optional external identity sources. We support several options. If you opt to create external identity sources, you will need to go to the Security Console and click Setup > Identity Sources > Link Identity Source to System. Move your identity sources to the right so they are in the Linked column and click Save.
- Create your authentication agents and/or RADIUS clients. We have several RSA authentication agents, so take your pick and use the relevant Installation and Administration Guide to complete the install. For RADIUS clients, download our RSA Ready implementation guides. We partner with hundreds of companies to provide many options for authentication.
- Assign tokens to your users and distribute them.
- For hardware tokens, once they are assigned, deliver them to your end users in a secure manner.
- For software tokens, you need to create a software token profile first, then distribute the tokens. The bottom of the page lists the various options for software token delivery (file based, CT-KIP, CTF). Follow steps to distribute the tokens.
- Now you have agents and tokens to test. The Authentication Agent 7.4.5 For Microsoft Windows will be used for an example:
- From the Security Console on your primary, start the Authentication Activity Monitor:
- Navigate to Reporting > Real Time Activity Monitors.
- Select Authentication Activity Monitor. Click Start Monitor.
- Now on the server where the Windows agent is installed the Windows agent,
- Launch the Control Center (there should be an icon on your Start Menu.
- Click Advanced Tools > Test Authentication.
- In the User Name text box, enter the user ID for the token you assigned to yourself.
- Enter your tokencode:
- If you have a hardware token, enter the six digits you see on the token and press OK. You will be prompted to create a PIN. Enter the PIN you want to create and click OK. Follow the prompts to re-enter the the PIN. You will need to wait for the tokencode to roll.
- For software tokens, behavior will differ based on the software token profile you create. To create a PIN, enter the digits you see on the token app or press 0000 if you do not see any digits in the display. Follow the prompts to create a PIN.
- If your software token is PIN-Pad style, you key your PIN into the token app to generate a passcode. You enter just the eight-digit passcode when authenticating.
- If your software tokens is Tokencode style, you follow the same steps to create the PIN but when you authenticate, you manually enter your PIN + the tokencode you see on the display into your device.
- You can watch in the Authentication Activity Monitor for messages about the PIN being created and a symmetric key called the node secret sent to the agent. For any RSA agent, the PIN creation process will be the same if a user has not yet created a PIN. It will be similar for RADIUS clients and the steps to create a PIN are in the product implementation guides.
These steps above are the absolute basics to test that your agents and tokens are working. As you get used to the software you can consider other options available in the Operations Console, such as:
In the Security Console, you can do the following some or all of the following:
There is a lot here with which you can get familiar. All of the Authentication Manager documentation
is on the RSA community. Also, every page on the Operations Console and Security Console has a Help option on the right of the page. The topics are very thorough with the documentation and steps to complete the task.
Please contact RSA support
For any downloads, be sure to read the release notes and readme files for the release to be up to date on issues that are resolved and any other relevant information.