I have set up a Windows Agent (7.4.2) on a non-domain-joined Windows server and have tested authentication via the RSA Control Center. During the testing I used domain accounts and successfully authenticated using a hardware token, the Authenticate tokencode and Push.
Since the server doesn’t belong to a domain, I assume I must set up an account in the AM database. I also assume it would have to be a unique UserID that matches the name of the local Windows account.
Can you confirm that this is how I’d do this?
Now, what about the cloud service? Since I don’t have that user in an LDAP source that the IDR can see, I further assume that I would only be able to use hardware and traditional software tokens.
Additionally, the mobile Authenticate app can only have one user associated with it, so even if I did add these users to an LDAP store somehow, users who needed to log into this Windows agent would need two devices.
To recap, my questions are:
- Do I have to create unique accounts in the AM database for each user on the non-domain-joined Windows servers?
- Is there any way for these users to use the Authenticate mobile app?
- If there is a way to do this, how do I get around the “one device per user” restriction?