Pete Waranowski from RSA Partner Engineering first shows how to integrate a Cisco ASA 9.3 with Authentication Manager 8.1 for Risk-Based Authentication and then demonstrates the end user experience.
Before starting you must integrate the ASA Clientless SSL-VPN portal with SecurID. Refer to the RSA Ready Implementation Guide, available at Cisco Systems Inc. - Technology Integrations or the video in this series for information on how to integrate your ASA with SecurID.
RBA is supported with both native SecurID and RADIUS AAA server groups.
A quick overview
- Select the ASA agent from Access > Authentication Agents > Manage Existing.
- Download integration script for the correct agent type.
- Login to the Cisco ASDM and upload the risk based authentication script to the Clientless SSL-VPN web contents.
- Add a new customization object.
- Apply changes.
The end user experience
- The user opens a browser and goes to the SSL-VPN portal page.
- The user is redirected to RSA Secure logon page.
- The user logs in with a user name and password
- The user is prompted to select security questions and provide answers.
- The user is logged in to the SSL-VPN portal page.