This section contains instructions on how to integrate RSA SecurID Access with CiscoISE as an authentication agent.
RSA Authentication Manager
To configure your RSA Authentication Manager for use with an authentication agent, you must create an agent host record in the Security console of your Authentication Manager and download its configuration file (sdconf.rec).
Agent host record configuration differs slightly depending on whether you are using a UDP-based agent (using 8.1.x or earlier RSA Agent API) or TCP-based agent (using 8.5 or newer RSA Agent API).
If UDP-based agent:
Hostname: Configure the agent host record name to match the hostname of the agent.
IP Address: Configure the agent host record to match the IP address of the agent.
Note:Authentication Manager must be able to resolve the IP address from the hostname
If TCP-based agent:
Hostname: Configure the agent host record name to match the agent name as specified in the agent's configuration. It does not have to match the hostname of the authentication agent.
IP Address: Leave blank. Any input to this field will be disregarded.
Follow the steps in this section to integrate CiscoISE with RSA SecurID Access as an authentication agent.
1. Login to Cisco ISE Administrative Console and browse to Administration > Identity Management > External Identity Sources > RSA SecurID and click Add.
2. Click to Import new ‘sdconf.rec’ file, mark the checkbox to Reauthenticate on Change PIN and click Submit.
If integrating your RSA SecurID External Identity Source with Guest Access Portal you will need to add it to an Identity Source Sequence.
3. Browse to Administration > Identity Management > Identity Source Sequences and click to Add or Edit an Identity Source Sequence.
4. Add your RSA SecurID External Identity Source to the Selected window in the AuthenticationSearch List section and click Save.
SecurID Agent Integration Details
RSA Authentication Agent API
8.1.3 for C
RSA SecurID Authentication API (REST)
RSA SecurID User Specification
Display RSA Server Info
Perform Test Authentication
sdstatus.12 / jastatus.12
This section is provided to show an administrator how to load, remove, or update the sdopts.rec, sdstatus.12 and Node Secret file if it was not previously documented under the Partner Authentication Agent Configuration section. It is also provided to list any technologies or terms specific to the Partner product that may not be viewed as common knowledge. If a testing utility has been added to the product so that you can test RSA SecurID authentications from the product then add a note on how to get to and use the utility.