System Settings

System settings affect the entire deployment. You can access the following settings from this page.

Authentication Settings

Security Questions Management. An authentication method used for logging on to the Self-Service Console, and can be used as an identity confirmation method for risk-based authentication (RBA). The user enrolls by answering questions, and provides the same answers during authentication. For more information. see Managing Security Questions and Methods for Enabling Users for Risk-Based Authentication.

Security Questions Requirements. Enrollment and authentication requirements for users who enroll to use security questions.

Password Dictionary. A text file that contains words that cannot be used as passwords. A deployment can have one password dictionary. For more information, see Password Dictionary.

On-Demand Tokencode Delivery. Allows users to receive tokencodes on their mobile phones or through personal e-mail. For instructions, see Configure On-Demand Tokencode Delivery.

Tokens. Allows you to configure authentication and token replacement settings. You can also change host name and port number in CT-KIP URLs. For instructions, see Configure Token Settings.

Agents. Allows you to configure auto registration of the authentication agents in the deployment. You can also define the port number for the agent to communicate with the Authentication Service, and configure domain name mapping between the NT LAN Manager (NTLM) name and the User Principal Name (UPN). For instructions, see Configure Agent Settings.

SecurID Authentication API. Allows you to configure the SecurID Authentication API for authentication agents. You can also generate the Access ID and Access Key for communicating with agents, and you can update the communication port. For instructions, see Configure the SecurID Authentication API for Authentication Agents.

Cloud Authentication Service Invitation. You can configure the e-mail template used to invite users to register devices for the Cloud Authentication Service. For instructions, see Customize the RSA Cloud Authentication Service Invitation.

Cloud Authentication Service Configuration. You can connect RSA Authentication Manager to the Cloud Authentication Service to enable Approve authentication for your users when they access agent-protected resources. The easiest way to configure the connection is by clicking Configure the Cloud on the Security Console Home page and entering the details step-by-step as described in Connect RSA Authentication Manager to the Cloud Authentication Service. If you already did this, you can edit the connection settings as needed. For instructions, see Managing the RSA Cloud Authentication Service Connection.

Cloud Authentication Service Identity Router. You can download and configure an identity router on the primary instance and each replica instance. The identity router communicates with the Cloud Authentication Service and enforces authentication and access for users of protected resources. For instructions, see Embedded Identity Router in RSA Authentication Manager.

Console and Session Settings

Security Console Authentication Methods. Authentication methods required to log on to the Security Console. For instructions, see Configure Security Console Authentication Methods.

Security Console Display Options. Display settings for users and attributes. For more information, see Set Console Display Options.

Session Handling. Limits the number of concurrent sessions allowed, the number of concurrent sessions an individual user is allowed, and determines how to handle users that exceed that limit. For more information, see Configure Session Handling.

Session Lifetime. Configure session durations. This important security feature prevents administrators from keeping sessions open indefinitely, leaving them vulnerable to unauthorized access. For more information, see Edit Session Lifetime Settings.

Basic Settings

E-mail (SMTP). Some applications use Simple Mail Transfer Protocol (SMTP) to send messages. You must configure SMTP on a primary or replica instance to enable this service. For more information, see Configure the SMTP Mail Service.

Logging. Set log levels and the log data destination. For more information, see Log Configuration Parameters.

Critical System Event Notification. Configure e-mail notification for administrators if a critical system event occurs, for example, if data replication between the primary instance and a replica instance stops. For instructions, see Configure Critical System Event Notification.

Report Notification. Configure a standard group of administrator email addresses that you can select when you run a report. The administrators receive an email notificationthat includes the report name and a link to the report. You can enter additional email addresses as needed. For instructions, see Configure Report Notification.

Advanced Settings

Caching. Improve performance by managing the caching of system objects. For instructions, see Configure the Cache.

Network Monitoring (SNMP). Configure Simple Network Management Protocol (SNMP) to monitor network events. For instructions, see Configure SNMP.

Alternate Instance IP Addresses. Provide alternative IP addresses for each instance. For instructions, see Add Alternative IP Addresses for Instances.

RADIUS. Allows you to perform routine RADIUS administrative tasks that apply to all RADIUS servers and clients in a deployment. For more information, see RADIUS Settings.

Telemetry. Configure the telemetry service. Telemetry data tracks the usage of RSA Authentication Manager features and provides reliability and software version information for your Authentication Manager instances. For instructions, see Configure the Telemetry Service.