AnsweredAssumed Answered

RSA SecurID Integration with OWA

Question asked by Khwaja Zia ul Hasan on Apr 4, 2016
Latest reply on Jul 21, 2016 by Khwaja Zia ul Hasan

Like • Show 0 Likes0
Comment • 4

Hello,

When we protect the OWA with RSA SecurID, it challenges all users. Even if we select the "Enable Selective Users" from the IIS Agent it comes up with the default RSA SecurID Username and Passcode screen. It doesnot accepts the password in that screen for other users, for which we don't want to challenge.

Can you please let me know the steps to only challenge the users of a particular group and not all users?

Thanking You

Zia

Khwaja Zia ul Hasan Jul 21, 2016 9:26 AM

Correct Answer

The problem got solved. Actually although I was signed in with the Administrator user, still I was supposed to open the agent with "Run as Administrator".

Since I was not doing this, it showed that it is working but actually it didn't applied the settings. As soon as I did it with "Run as Administrator: it worked for me.

Regards

Zia

See the reply in context

No one else had this question

Outcomes

Peter George

Apr 4, 2016 9:45 AM

Hello Zia,

You need to enable challenge configuration to either a group of users, or challenge all except a group of users, through:

Control Panel (the machine with the web agent) -> RSA Authentication Agent -> Advanced TAB
Challenge configuration, choose the needed option
Type in the group name that you either want to challenge or exclude from challenge

For all users, they will be seeing the RSA page page, and passcode, the difference is that upon entering the password for an unchallenged user, they will be able to login.

You can also check the Authentication Activity monitor on the Security Console for reference.

P. 55 of the Web Agent guide, in the .zip of the installer .zip of the installer contains further details of the process.

Best Regards,

Peter

Actions

Khwaja Zia ul Hasan @ Peter George on Apr 6, 2016 9:57 AM

Yes I have tried to select a specific group. It is working fine for those users which are assigned the passcodes. But it is not allowing other users to login with Passwords. In just a second it gives the error: " 100: Access denied: The RSA ACE/Server rejected the Passcode. Please try again."

I also enabled Real time Activity Monitor, but no events are shown for login attempt.

I tried one more thing , that I removed one user from the Group which is to be challenged. Still it is allowing that user to login with the Passcode.

I think I am doing something wrong in Challenge Configuration. I have selected All Users In {Domain Name}\{Group Name}

Regards

Zia

Actions

Yasmine Dowidar

Apr 6, 2016 5:12 AM

Hi Khwaja Zia ul Hasan,

Did you find the response helpful?

Thanks,

Yasmine

Actions

Khwaja Zia ul Hasan Jul 21, 2016 9:26 AM

The problem got solved. Actually although I was signed in with the Administrator user, still I was supposed to open the agent with "Run as Administrator".

Since I was not doing this, it showed that it is working but actually it didn't applied the settings. As soon as I did it with "Run as Administrator: it worked for me.

Regards

Zia

Actions

4 Replies

Peter George Apr 4, 2016 9:45 AM
Mark Correct
Correct Answer
Hello Zia,

You need to enable challenge configuration to either a group of users, or challenge all except a group of users, through:
1. Control Panel (the machine with the web agent) -> RSA Authentication Agent -> Advanced TAB
2. Challenge configuration, choose the needed option
3. Type in the group name that you either want to challenge or exclude from challenge
For all users, they will be seeing the RSA page page, and passcode, the difference is that upon entering the password for an unchallenged user, they will be able to login.

You can also check the Authentication Activity monitor on the Security Console for reference.
P. 55 of the Web Agent guide, in the .zip of the installer .zip of the installer contains further details of the process.

Best Regards,
Peter
Like • Show 0 Likes0
Actions
- Khwaja Zia ul Hasan @ Peter George on Apr 6, 2016 9:57 AM
  Mark Correct
  Correct Answer
  Yes I have tried to select a specific group. It is working fine for those users which are assigned the passcodes. But it is not allowing other users to login with Passwords. In just a second it gives the error: " 100: Access denied: The RSA ACE/Server rejected the Passcode. Please try again."
  
  I also enabled Real time Activity Monitor, but no events are shown for login attempt.
  
  I tried one more thing , that I removed one user from the Group which is to be challenged. Still it is allowing that user to login with the Passcode.
  
  I think I am doing something wrong in Challenge Configuration. I have selected All Users In {Domain Name}\{Group Name}
  
  Regards
  Zia
  Like • Show 0 Likes0
  Actions
Yasmine Dowidar Apr 6, 2016 5:12 AM
Mark Correct
Correct Answer
Hi Khwaja Zia ul Hasan,

Did you find the response helpful?

Thanks,
Yasmine
Like • Show 0 Likes0
Actions
Khwaja Zia ul Hasan Jul 21, 2016 9:26 AM
Unmark Correct
Correct Answer
The problem got solved. Actually although I was signed in with the Administrator user, still I was supposed to open the agent with "Run as Administrator".
Since I was not doing this, it showed that it is working but actually it didn't applied the settings. As soon as I did it with "Run as Administrator: it worked for me.

Regards
Zia
Like • Show 0 Likes0
Actions

RSA SecurID Integration with OWA

Outcomes

Related Content

Recommended Content