Can we the SecurID appliance link with AD on Administrator account for Administrator access to manage the token administration?
How about the Operation access? Can it link with AD Administrator account?
Kok Wooi CHAN
Chan Kok Wooi,
I've moved your question to the RSA SecurID Access space where it will be seen by the product's support engineers, other customers and partners. Please bookmark this page and use it when you have product-specific questions.
Alternatively, from the RSA Customer Support page, click on Ask A Question on the blue navigation bar and choose Ask A Product Related Question. From there, scroll to RSA SecurID Access and click Ask A Question. That way your question will appear in the correct space.
Security Console can be an administrator whose account is based in AD.
Operations Console cannot.
Operations Console accounts are stored internally and separate from the user database and all other accounts.
Given the option of a Security Console administrator being in the AD or in the local internal database, is one preferred over the other and if so, why?
We have segregated AD Administrator ID and staff ID to manage route works. For IT administration to manage the IT security devices, we would like to use the assigned AD Administrator ID to perform administration work as it is one of IT compliance.
The administrator's user record can reside in AD, but there are a few caveats to keep in mind. You must assign administrator roles to userids in the Security Console; you cannot automatically grant administrator privileges in AM using an AD group, for example. Also, some Operations Console operations require you to present credentials for a userid with the SuperAdmin role. That userid must be in the Internal Database, not in AD, and the required credentials use an RSA_Password not a token. Further, you must have some administrative userids in the Internal Database so that someone can access the Security Console in the event the connection to AD goes down.
The comment that there would be no admin access to the Security Console if the AD goes down was exactly my concern about admins in the AD vs internal database. Thank you for explaining.
Retrieving data ...