
Windows Agent on non-Domain joined server

Question asked by JOHN MILLER on Jul 29, 2019

Hi,

I have set up a Windows Agent (7.4.2) on a non-Domain joined Windows server and have tested authentication via the RSA Control Center. During the testing I used domain accounts and successfully authenticated using a Hardware token, the Authenticate tokencode and Push.

Since the server doesn’t belong to a domain, I assume I must set up an account in the AM database. I also assume it would have to be a unique UserID that matches the name of the local Windows account.

Can you confirm that this is how I’d do this?

Now, what about the cloud service? Since I don’t have that user in an LDAP source that the IDR can see, I further assume that I would only be able to use hardware and traditional software tokens.

Additionally, the mobile Authenticate app can only have one user associated with it, so even if I did add these users to an LDAP store somehow, users who needed to log into this Windows agent would need two devices.

To recap, my questions are:

  1. Do I have to create unique accounts in the AM database for each user on the non-domain joined Windows Servers?
  2. Is there any way for these users to use the Authenticate mobile app?
  3. If there is a way to do this, how do I get around the “one device per user” restriction?

Thank you
