RSA Authentication Manager 8.1 Administrator's Guide.pdf - RSA® Authentication Manager 8.1 Administrator’s Guide


This preview shows page 1 out of 480 pages.


RSA® Authentication Manager 8.1 Administrator’s Guide

Contact Information
Go to the RSA corporate website for regional Customer Support telephone and fax numbers:

Trademarks
RSA, the RSA Logo and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other trademarks used herein are the property of their respective owners. For a list of RSA trademarks, go to .

License Agreement
This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person. No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability. This software is subject to change without notice and should not be construed as a commitment by EMC.

Third-Party Licenses
This product may include software developed by parties other than RSA. The text of the license agreements applicable to third-party software in this product may be viewed on the product documentation page on RSA SecurCare Online. By using this product, a user of this product agrees to be fully bound by terms of the license agreements.

Note on Encryption Technologies
This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption technologies, and current use, import, and export regulations should be followed when using, importing or exporting this product.

Distribution
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.

THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright © 1994-2013 EMC Corporation. All Rights Reserved. Published in the U.S.A. December 2013

Contents

Preface
  About This Guide
  RSA® Authentication Manager 8.1 Documentation
  Related Documentation
  Support and Service
  Before You Call Customer Support

Chapter 1: RSA Authentication Manager Overview
  Introduction to RSA Authentication Manager
  Multifactor Authentication
  Key Components for RSA Authentication Manager
  Primary Instance
  Replica Instance
  Identity Sources
  RSA Authentication Agents
  Risk-Based Authentication for a Web-Based Resource
  RSA RADIUS Overview
  Web Tier
  Self-Service
  Load Balancer
  RSA SecurID Authentication Overview
  RSA SecurID Authentication Process
  RSA SecurID Tokens
  The Role of RSA Authentication Manager In SecurID Authentication
  On-Demand Authentication
  On-Demand Authentication User Logon Example
  Risk-Based Authentication
  Risk-Based Authentication Prevents Data Loss from Stolen Passwords
  How Risk-Based Authentication Works

Chapter 2: Preparing RSA Authentication Manager for Administration
  Security Console
  Log On to the Security Console
  Security Console Customization
  Security Console Protection
  Configure Security Console Authentication Methods
  Identity Sources
  Data from an LDAP Directory
  Data from the Internal Database
  Security Domain Overview
  User Organization and Management
  Policy Enforcement
  Scope of Administrator’s Control
  Security Domains and Policies
  Add a Security Domain
  Default Security Domain Mappings
  Planning for Domain Name System Updates
  Administrative Role Overview
  Types of Administrative Roles
  Administrative Role Assignment
  Administrative Role Components
  Predefined Administrative Roles
  Administrative Role Settings
  Administrative Role Scope and Permissions
  Add an Administrative Role
  Assign an Administrative Role
  View Available Permissions of an Administrator

Chapter 3: Deploying Authentication Agents
  RSA Authentication Agents
  Authentication Agent Types
  Obtaining RSA Authentication Agents
  Deploying an Authentication Agent
  Generate the Authentication Manager Configuration File
  Add an Authentication Agent
  Node Secret for Encryption
  Manual Delivery of the Node Secret
  Manage the Node Secret
  Refresh the Node Secret Using the Node Secret Load Utility
  Automatic Agent Registration
  Allow an Agent to Auto-Register
  Download an RSA Authentication Manager Server Certificate
  Contact Lists for Authentication Requests
  Automatic Contact Lists
  Manual Contact Lists

Chapter 4: Configuring Authentication Policies
  Policies
  Token Policy
  Token Policy Settings
  Add a Token Policy
  Offline Authentication Policy
  Offline Authentication Policy Settings
  Add an Offline Authentication Policy
  Password Policy
  Password Policy Settings
  Add a Password Policy
  Lockout Policy
  Lockout Policy Settings
  Add a Lockout Policy
  Self-Service Troubleshooting Policy
  Self-Service Troubleshooting Policy Settings
  Add a Self-Service Troubleshooting Policy
  Risk-Based Authentication Policies
  Risk-Based Authentication (RBA) Policy Settings
  Add a Risk-Based Authentication Policy
  Risk-Based Authentication Message Policy
  Risk-Based Authentication Message Policy Settings
  Add a Risk-Based Authentication Message Policy

Chapter 5: Integrating LDAP Directories
  Identity Sources
  Data from an LDAP Directory
  Data from the Internal Database
  Identity Source Data Flow
  Identity Source Properties
  Identity Source Scope
  Active Directory Identity Sources that are Not Global Catalogs
  Active Directory Global Catalog Identity Sources
  Configure the Active Directory Connection Time-Out
  Integrating an LDAP Directory as an Identity Source
  Add an Identity Source
  Link an Identity Source to the System
  Verify the LDAP Directory Identity Source
  Failover Servers
  Securing the Communications Path
  Identity Source SSL Certificates
  Password Policy for Active Directory
  Custom Attribute Mapping
  Identity Source User Attributes
  Unique Identifier Attribute
  User Account Enabled State Attribute

Chapter 6: Administering Users
  Common User Administration Tasks
  Add a User to the Internal Database
  User Status
  Disable a User Account
  Enable a User Account
  Security Domains to Organize Users
  Move Users Between Security Domains
  Duplicate User IDs
  User Authentication
  Manage User Authentication Settings
  Logon Alias
  Unlock a User
  Incorrect Passcode Count
  Managing Security Questions
  Set Requirements for Security Questions
  Custom Security Questions
  Modify the Security Questions File
  Emergency Online Authentication
  Assign a Set of One-Time Tokencodes
  Assign a Temporary Fixed Tokencode
  Emergency Offline Authentication
  Provide an Offline Emergency Access Tokencode
  Provide an Offline Emergency Passcode
  RSA SecurID PINs
  Set an Initial On-Demand Authentication PIN for a User
  Clear a User's On-Demand Authentication PIN
  Require Users to Change Their RSA SecurID PINs
  Clear an RSA SecurID PIN
  Obtain the PIN Unlocking Key for an RSA SecurID 800 Authenticator
  Import PIN Unlocking Keys
  User Groups
  User Group Organization