Hi SecureID experts,
I had used RSA for secure ID tokens in our product, which used to have a flow like this:
User enters first time with TokenCode -> RSA SHARES PIN for user and "Secure ID" is set --> User stores PIN and uses to generate Token every time to get passcode...
With the recent RSA ver 8.3 setup we found a change in this initial PIN setup flow: here the user is prompted to set a PIN instead of a PIN being provided to the user. The current flow looks like this:
User enters first time with TokenCode -> RSA REQUESTS for PIN and upon confirmation of same PIN from user "Secure ID" is set --> User stores PIN and uses to generate Token every time to get passcode...
This change is impacting our existing interface software and we need more information regarding this change.
Can you please help us with the following info:
1. Can we configure tokens / RSA to be like the previous config, where RSA provides the PIN to the user? If we can provision this, please share the steps to do the same.
2. When was this change introduced, and do we have to maintain the same across all products / Lic.? What are the RSA ver and RSA tool ver it should work with?
We have the RSA demo version for our development and test for a Cisco leading optical transport product that supports RSA based authentication. It's a field-deployed config that we need to support with update across our platforms and RSA.
Regards,
Ajitabh
Hi Ajitabh,
You should be able to configure the token policy for system generated PIN. You did not mention your prior AM version.
What was changed was older versions had an option to allow the end-user to select whether they would select a PIN or allow the system to generate a PIN on their behalf. This mode has been deprecated. The token policy is configured to either allow the user to assign the PIN or to have it generated by the system and provided to the user.
1. Can we configure tokens / RSA to be like the previous config, where RSA provides the PIN to the user? If we can provision this, please share the steps to do the same.
In the Security Console select "Administration > Policies > Token Policies > Manage Existing...". Click on the "Initial Token Policy" and select "Edit". Under the "SecurID Pin Format" section, select the "Require System Generated PIN" radio button and "Save".
2. When was this change introduced, and do we have to maintain the same across all products / Lic.? What are the RSA ver and RSA tool ver it should work with?
This was introduced starting with AM 7.x. All certified partner agents should handle the system generated (or user-specified) PIN protocol.
Some notes....