SecurID® Governance & Lifecycle Blog

Subscribe to the official SecurID Governance & Lifecycle community blog for information about new product features, industry insights, best practices, and more.

RSA Identity Governance & Lifecycle Webinar #16 - Jan 2021: Recording and Presentation

JamiePryer
Employee (Retired) Employee (Retired)
Employee (Retired)
0 1 662

Hey all,

A great deep dive RSA IG&L webinar to get us started in 2021!

Please find below the playback recording, Presentation, useful links and Q&A

Huge thanks to Andrew Weadock for this presentation and demo‌

** Key Items**

 

 

** #16 January - Webinar Playback Video *

Recorded playback video:

 

** Previous Webinars **

RSA Identity Governance and Lifecycle - Monthly Webinar Summary 

 

** Next Webinar **

 

Q&A Summary:  

QuestionAnswer
Can user registration be done for external users as well or internal only?Using RSA SecurID Access we can do "offline" users. The demo and examples in the webinar were all around users who are onsite/VPN.
"The application would have to be public facing in order to have employees reset their password without their computer?
Or is it being used in kiosk mode?"
The OTB features assume the user can access RSA IGL via a browser or they are connected/on the company network
How the new user informed about password policy? Via email or via RSA IGL note?It can be via the UI or Email. UI is obviously more secure
"What If I miss my challenge questions?
Can I revert back to the initial Identity confirmation for one user?"
Answered on the webinar.
How does the user get to the 'see my password page' again? Are they already logged in? How did they get logged in if they had their password reset?

Once enabled, its from their "user" screen and home screen. 

If they dont know their AD password, there is the option to reset this too, as shown in the webinar. 

Are those forms (help-desk, users reset) out of the box ready in IGL? Can you show us where they are?Out of the box, shown in the webinar
How does helpdesk authenticate the called in user? Can they verify challenge Q&A to verify the identity?This is not possible via the solution, that would be a service desk process. Note that the service desk doesnt know the password and so it would still be secured, plus only the user could see their password when they log into RSA IG&L. We could add notifications to the process, so the user and their manager (for example) is notified if a password is ever reset. 
For a user who "owns" or is responsible for service/system accounts, can they manage/view the system/service accounts direclty in the GUI as well?yes - discussed in the webinar
Many of our clients are using this password reset functionality from Azure / Office 365 (SSPR) which fully integrates with Windows out of the box. What would be the unique selling point for the RSA IGL solution? The helpdesk option is very welcome, however the standard feature Im wondering how I should promote it.The key is that this goes out to all endpoints, not just AD/O365/Microsoft solutions. 
I might have missed it, but is the Password module included in the license?Yes, if you have "lifecycle" 
Not clear for me if this user is yet created in AD.. and we are doing a password creation OR if this is creating an user PLUS creating his passwordYes, we do either and/or both - discussed in the webinar
So the Company credential is protected by the IGL login which would be required to be separate in this case?yes - discussed in the webinar
Is IGL resetting the password alone or storing the modified password in IGL database?Discussed in the webinar
If I don't want to publish for security reason the IGL console, can i still provide password reset from my house for codiv?Discussed in the webinar
does the credential provider work on citrix servers/terminal servers, too?Yes - Discussed in the webinar

the question always comes up about adding custom questions vs the canned questions that come with IGL

This can be achieved by updating the questions that are there already. New ones cant be added but existing can be updated. 
1 Comment