Hi All,
I am installing a new RSA, and need to integrate it with LDAP. Integration with LDAP is done and I can see all AD accounts in RSA. Now, when I try to protect the resource, I want to set it up in a way that only manually allowed users are challenged by RSA. RSA should not challenge all users in AD. I set the option to challenge all users except users in a group, but that didn't serve my request.
I believe another option would be to map allowed users into a different group, but that is not feasible, as different users are from different AD groups and have different policies applied.
Also, only the allowed requests should see the RSA prompt during login; all others should not see the RSA login prompt.
Any document or guidance to achieve that is highly appreciated.
Thanks,
Ashish
The agent logic can protect a group, so you will need to identify the challenged users somehow by group [even if you make a new group, and add users to it, just for needing to use tokens].
The fact that users see the SecurID token login, regardless of whether they need a token or not, is partly unavoidable, and partly by design. An unauthorized person cannot 'probe' userids to determine if a user needs a token or not. If we were able to display the token login only for users who need one, and a password for users who don't, that would reveal too much information to anyone about your security setup, so by design, the login prompt is the same for everyone. You may be able to display more tiles and have users who do not need a token use a specific login tile, but the idea is that all users see the same login. It is just that one of those logins will accept a password, and one of those will need a passcode first. Users will need to be trained a bit on which systems will force them to use a token, so the login experience is not frustrating.