AnsweredAssumed Answered

RSA PIN Change Self-Service Portal

Question asked by Yuvraj Gill on Jul 31, 2018
Latest reply on Aug 1, 2018 by Erica Chalfin

Like • Show 0 Likes0
Comment • 7

Hello,

We have historically used Citrix and RSA tokens to VPN into our network. We are decommissioning Citrix this year, and moving to a Barracuda client VPN. All you have to do to connect is enter in your RSA token into the VPN client, and it'll connect you. However, what if you are new and don't have a PIN? How do new users create a PIN for their newly assigned RSA token?

This led me to the self-service portal. Is it possible to meet this requirement with the self-service portal?

If so, I was hoping to connect the portal to AD for seamless logins. However, from what I read you have to use manually created users in the internal database. Is this true?

No one else has this question

Outcomes

7 Replies

Erica Chalfin Jul 31, 2018 5:37 PM
Mark Correct
Correct Answer
Yuvraj Gill,

I've moved your question to the RSA SecurID Access space where it will be seen by the product's support engineers, other customers and partners. Please bookmark this page and use it when you have product-specific questions.

Alternatively, from the RSA Customer Support page, click on Ask A Question on the blue navigation bar and choose Ask A Product Related Question. From there, scroll to RSA SecurID Access <product name> and click Ask A Question. That way your question will appear in the correct space.

Regards,
Erica
Like • Show 0 Likes0
Actions
Edward Davis Aug 1, 2018 8:15 AM
Mark Correct
Correct Answer
Barracuda should be able to handle the 3-way handshake when a user logs in with a tokencode and that token needs a pin, but doesn't have one yet, and the user can create a pin during the VPN login process, as the RSA server will ask the Barracuda to prompt the user for a pin. If not, the user can access the self-service console and do a passcode login, and the same pin setup can happen there. Typically when setting a new pin it goes like this: username and code from token, then it asks to set up a pin, then confirm pin, then it asks now enter next passcode. What this now means is wait for the token to change to a new code, and now enter the new pin followed by the new code on token.

Terminology we use: 'Tokencode' is the code from a token with no pin involved. 'Passcode' means pin combined with the code from a token. Most login prompts will ask for the passcode but the user should know if they don't have a pin yet, just enter the tokencode when needed, and a full passcode once there is a pin set.

Handheld tokens are always pin+tokencode displayed. Software tokens, if set up keyfob style, work the same way, but if software tokens are set up pin-pad style, then it works a bit differently. Pin-pad tokens always ask to enter a pin into the application, if there is no pin yet, just enter nothing, and it displays a tokencode. Login with that code, and go through the pin setup. Now when the login asks for a passcode, you enter the pin into the software token app (not the login prompt) and the app will add the pin to the tokencode it would have displayed, and show you a passcode (and it will be the same number of digits as the tokencode). The pin is mathematically hidden inside the digits. Login with that passcode.
Like • Show 2 Likes2
Actions
- Yuvraj Gill @ Edward Davis on Aug 1, 2018 9:09 AM
  Mark Correct
  Correct Answer
  Thank you for the detailed response!
  
  Self-service portals works great.
  
  The Barracuda VPN is close to working but unfortunately does not. It recognizes that a user does not have a PIN, and will prompt the user to create a PIN but doesn't actually set it. Any ideas?
  Like • Show 0 Likes0
  Actions
  - Erica Chalfin @ Yuvraj Gill on Aug 1, 2018 9:35 AM
    Mark Correct
    Correct Answer
    Yuvraj Gill,
    
    You would need to provide the authentication activity logs in order for the SecurID team to troubleshoot your issue.
    
    From the Security Console, navigate to Reporting > Reports > Add New.
    Select the Authentication Activity Template and click Next. your report, following the wizard. Click Save when done.
    On the next page, click on the context arrow next to your report name and select Run Report Job Now.
    Click Run Report.
    On the Report Output page, click Completed. Your report should be listed there. If not, click Refresh List.
    Click on the context arrow next to the report and choose Download CSV file.
    Save the file locally and provide it to the engineer assigned to your case.
    
    Regards,
    Erica
    Like • Show 0 Likes0
    Actions
    - Yuvraj Gill @ Erica Chalfin on Aug 1, 2018 11:06 AM
      Mark Correct
      Correct Answer
      Everything is good! Thank you so much for your help.
      Like • Show 1 Like1
      Actions
      - Erica Chalfin @ Yuvraj Gill on Aug 1, 2018 1:05 PM
        Mark Correct
        Correct Answer
        Yuvraj Gill,
        
        Great to hear! What was the issue? I am sure other customers would like to know how you resolved the situation.
        
        Regards,
        Erica
        Like • Show 0 Likes0
        Actions
Erica Chalfin Aug 1, 2018 8:48 AM
Mark Correct
Correct Answer
Yuvraj Gill,

To add to Edward Davis' great description of the PIN creation process, note a difference between hardware tokens and software tokens:
- Hardware tokens can have a PIN that starts with a zero; 01234567, for example.
- With software tokens, PINs cannot start with a leading zero.
Regards,
Erica
Like • Show 0 Likes0
Actions

RSA PIN Change Self-Service Portal

Outcomes

Related Content

Recommended Content