RSA SecurID Access

Note: RSA SecurID is an Advanced Authenticator available as part of the Professional edition of ADSelfService Plus. RSA SecurID is a two-factor authentication (2FA) system from RSA Security LLC that enables users to securely connect to network resources. Users can securely access ADSelfService Plus using security codes from the RSA SecurID mobile application, physical tokens, or passcodes sent through email or SMS. Setting up RSA SecurID authentication You can set up RSA SecurID as an authenticator in ADSelfService Plus in two steps: Include the ADSelfService Plus server in the SecurID SECURITY CONSOLE as an authentication agent. Configure ADSelfService Plus for RSA SecurID. Prerequisites Ensure that you have installed a supported version of RSA Authentication Manager. For SDK integration: RSA Authentication Manager 8.0 or higher For REST API integration: RSA Authentication Manager 8.2 SP1 or higher Including ADSelfService Plus as an authentication agent in the RSA SecurID SECURITY CONSOLE Log in to your RSA admin console (e.g., ). Navigate to Access > Authentication Agents. Click Add New. Enter the hostname of the ADSelfService Plus server in the Hostname field and click Resolve IP to establish a connection between the SecurID SECURITY CONSOLE and the ADSelfService Plus server. Click Save to add the ADSelfService Plus server as an authentication agent. Configuring ADSelfService Plus for RSA SecurID RSA SecurID configuration can be done using either of these methods: REST API Integration SDK Integration Note: It is recommended to configure RSA authentication using REST API as RSA SecurID no longer supports SDK Integration. Steps to configure RSA SecurID with REST API integration Log into the RSA admin console and navigate to Setup > System Settings. Under Authentication Settings, click RSA SecurID Authentication API. Copy the Access ID, Access Key, and Communication Port details. Log into the ADSelfService Plus admin console and navigate to Admin > Configuration > Self-Service > Multi-factor Authentication > RSA SecurID. From the Choose the Policy drop-down, select a policy. Note: ADSelfService Plus allows you to create OU and group-based policies. To create a policy, go to Configuration > Self-Service > Policy Configuration > Add New Policy. Click Select OUs/Groups, and make the selection based on your requirements. You need to select at least one self-service feature. Finally, click Save Policy. Click RSA SecurID. For Integration Type, select REST API. Enter the hostname of RSA Authentication Manager in the API Host Name field. Paste the port number and access key obtained in Step 3 in the Port and Access Key fields, respectively. Enter the authentication agent's name (i.e., the hostname or access URL of the ADSelfService Plus server) in the Client Id field. Check the Secure API requests to RSA server with HMAC Authentication box to verify the integrity of the authentication requests. Please follow the steps mentioned under HMAC prerequisites before enabling HMAC authentication. Enter the access ID copied in Step 3, in the Access Id field. Select a Username Pattern that matches the User Account Format in the RSA admin console. Note: Users across different domains can have the

Why can't I install RSA Authenticator (SecurID)?The installation of RSA Authenticator (SecurID) may fail because of the lack of device storage, poor network connection, or the compatibility of your Android device. Therefore, please check the minimum requirements first to make sure RSA Authenticator (SecurID) is compatible with your phone.How to check if RSA Authenticator (SecurID) is safe to download?RSA Authenticator (SecurID) is safe to download on APKPure, as it has a trusted and verified digital signature from its developer.How to download RSA Authenticator (SecurID) old versions?APKPure provides the latest version and all the older versions of RSA Authenticator (SecurID). You can download any version you want from here: All Versions of RSA Authenticator (SecurID)What's the file size of RSA Authenticator (SecurID)?RSA Authenticator (SecurID) takes up around 43.2 MB of storage. It's recommended to download APKPure App to install RSA Authenticator (SecurID) successfully on your mobile device with faster speed.What language does RSA Authenticator (SecurID) support?RSA Authenticator (SecurID) supports Afrikaans,አማርኛ,اللغة العربية, and more languages. Go to More Info to know all the languages RSA Authenticator (SecurID) supports.

Server settings in the product. Expand One time password via email and check the One time password via email option. Enter a subject and draft a message using Macros in the Subject and Message fields, respectively. Click Save. RSA Authenticator RSA SecurID is a 2FA mechanism developed by the RSA, the Security Division of EMC, for users attempting to access a network resource. Users can use the security codes generated by the RSA SecurID mobile app, a hardware token, or a token sent to their email or mobile device to log in to ADManager Plus. You can follow the steps below to configure RSA SecurID for SDK integration. Steps to configure RSA SecurID for SDK integration: Log in to your RSA admin console (e.g., DNS name/sc). Go to the Access tab. Under Authentication Agents, click Add New. Add ADManager Plus Server as an Authentication Agent and click Save. Navigate back to the Access tab. Under Authentication Agents, click Generate Configuration File. Download the AM_Config.zip file. Copy the Authentication Manager configuration file, sdconf.rec from the zip and paste it in /bin. If there is a file named securid (node secret file), copy and paste it, too. Note: Ensure that the JAR files mentioned below are extracted from RSA SecurID and placed in the /lib folder: authapi.jar Log4j.jar certj.jar commons-logging.jar cyrptojce.jar cryptojcommon.jar jcmFIPS.jar sslj.jar xmlsec.jar Restart ADManager Plus after adding the files. Click Save. Microsoft Authenticator Install and set up Microsoft Authenticator on your smartphone. Navigate to ADManager Plus and expand Microsoft Authenticator. Check the Enable Microsoft Authenticator option. While logging in to ADManager Plus, enter the code generated by the Microsoft Authenticator app in your smartphone, in addition to your username and password. SMS verification To enable SMS verification as an authentication method, configure SMS gateway settings in ADManager Plus and follow these steps: Expand SMS Verification and check the Enable SMS Verification box. In the Message field, enter the SMS content using macros and click Save. Steps to enroll your phone number Login to ADManager Plus using your account credentials. In the Log in using SMS Verification page that opens

Same username, causing ambiguity during RSA mapping. To ensure secure authentication, we strongly recommend using a username pattern that includes the domain. This Username Pattern needs to match the RSA User Account Format in the RSA admin console, to accurately map domain user accounts to RSA user accounts. Click Test Connection and Save. Steps to configure RSA SecurID with SDK integration Ensure that the required JAR files listed below are present in the /lib folder. authapi-8.6.jar log4j-1.2.12rsa-1.jar cryptojcommon-6.1.3.3.jar jcmFIPS-6.1.3.3.jar cryptojce-6.1.3.3.jar Note: These JAR files pertain to the latest version of Authentication Agent SDK for Java (version 8.6). If they are not present in the /lib folder, please download them from RSA Community. In the RSA admin console, navigate to Access > Authentication Agents > Generate Configuration File. Click Generate Config File to download the AM_Config.zip file. Extract the sdconf.rec file from the ZIP file. Log into the ADSelfService Plus admin portal and navigate to Admin > Configuration > Self-Service > Multi-factor Authentication > Authenticators Setup > RSA SecurID. From the Choose the Policy drop-down, select a policy. Note: ADSelfService Plus allows you to create OU and group-based policies. To create a policy, go to Configuration > Self-Service > Policy Configuration > Add New Policy. Click Select OUs/Groups, and make the selection based on your requirements. You need to select at least one self-service feature. Finally, click Save Policy. Click RSA SecurID. For Integration Type, select SDK. Click Browse and select the sdconf.rec file downloaded from the SecurID SECURITY CONSOLE. Select a Username Pattern that matches the User Account Format in the RSA admin console. Note: Users across different domains can have the same username, causing ambiguity while matching RSA accounts to ADSelfService Plus user accounts during MFA. To ensure secure authentication, we strongly recommend using a Username Pattern that includes the domain name (domain_dns_name) or email (email_id) to accurately map domain user accounts to RSA User Accounts, which need to be in the same format. Utilizing only the username (user_name) in the Username Pattern is discouraged for security reasons. Click Save. Once enabled, users belonging to the policy for which RSA authentication has been enabled will be asked to verify their identity with their SecurID tokens while logging in. Note: Please ensure that all the users are associated with the configured authentication agent (the ADSelfService Plus server) and have enrolled in RSA Authentication Manager with the same username and SecurID tokens assigned to them. If you experience problems while authenticating via RSA, log in to your RSA admin console and go to the Reporting tab. Under Real-time Activity Monitors, go to Authentication Activity Monitor > Start Monitor to troubleshoot. HMAC prerequisites Hash-based message authentication code (HMAC) is used to validate the authentication requests that are exchanged between authentication agents and the RSA SecurID Authentication API. Log on to the appliance with the Secure Shell client or access the appliance on a virtual machine with the VMware vSphere Client, Hyper-V Virtual Machine Manager, or Hyper-V Manager. To verify authentication requests by