Download RSA Authentication Manager 8.1 Help Desk Administrator's Guide PDF

TitleRSA Authentication Manager 8.1 Help Desk Administrator's Guide
LanguageEnglish
File Size592.2 KB
Total Pages104
Table of Contents
                            Contents
Preface
	About This Guide
	RSA Authentication Manager 8.1 Documentation
	Related Documentation
	Support and Service
		Before You Call Customer Support
RSA Authentication Manager Overview
	Purpose of RSA SecurID and RSA Authentication Manager
	How Authentication Manager Protects Resources
	RSA SecurID Tokens Overview
	On-Demand Authentication Overview
	Risk-Based Authentication
	Policies Overview
	Identity Sources
	RSA Self-Service
	Reports
	Administrative Roles
Confirming a User’s Identity
Using the Security Console
	Security Console
		Log On to the Security Console
	Online Help
		Help On This Page
		Help Table of Contents
		iHelp
Managing Users
	Users
	User Dashboard
		User Dashboard Tasks
		Use Quick Search to View the User Dashboard for a User
	Add a User with Options to the Internal Database
	Add a User to the Internal Database
	Edit a User in the User Dashboard
	Delete a User
	Enable a User Account in the User Dashboard
	Disable a User Account in the User Dashboard
	Locked User Accounts
	Unlock a User in the User Dashboard
	Assign a User Alias in the User Dashboard
	Change a User's Password in the User Dashboard
	Require a User to Change a Password using the User Dashboard
	Managing Security Questions
		Set Requirements for Security Questions
		Clear Security Question Answers in the User Dashboard
	Manage User Authentication Settings in the User Dashboard
	View Accessible Agents in the User Dashboard
Managing User Groups
	User Groups
		Add a User Group
		Edit User Groups
		View User Group Members
		Add a User to a User Group in the User Dashboard
		View User Group Memberships for a User in the User Dashboard
Managing RSA SecurID Tokens
	RSA SecurID Tokens Overview
	Import a Token Record File
	Assign a Hardware Token to a User in the User Dashboard
	Assign Hardware Tokens to Multiple Users
	Distribute a Hardware Token
	Software Token Profiles
	Assign Software Tokens to Multiple Users
	Assign and Distribute a Software Token to a User Using File-Based Distribution in the User Dashboard
	Distribute Multiple Software Tokens Using File-Based Provisioning
	Distribute One Software Token Using Compressed Token Format (CTF)
	Distribute Multiple Software Tokens Using Compressed Token Format (CTF)
	Assign and Distribute a Software Token to a User Using Dynamic Seed Provisioning in the User Dashboard
	Distribute Multiple Software Tokens Using Dynamic Seed Provisioning (CT-KIP)
	Enable a Token in the User Dashboard
	Disable a Token in the User Dashboard
	Delete a Token
	View a Token
	Replace a Token for a User in the User Dashboard
	Resynchronize a Token in the User Dashboard
	Unassign a Token from a User in the User Dashboard
On-Demand Authentication
	On-Demand Authentication
	Enable On-Demand Authentication for a User in the User Dashboard
	Enable Users to Set Initial On-Demand Authentication PINs in the User Dashboard
	Clear a User's On-Demand Authentication PIN in the User Dashboard
	Disable On-Demand Authentication for a User in the User Dashboard
Emergency Access
	Online Emergency Access
		Assign a Temporary Fixed Tokencode
		Assign a Set of One-Time Tokencodes
	Offline Authentication
		Provide an Offline Emergency Access Tokencode
		Provide an Offline Emergency Passcode in the User Dashboard
Managing RSA SecurID PINs
	RSA SecurID PINs
	Clear an RSA SecurID PIN in the User Dashboard
	Obtain the PIN Unlocking Key for an RSA SecurID 800 Authenticator
RSA Self-Service
	RSA Self-Service
	Clear a Cached Copy of Windows Credentials in the User Dashboard
	Managing Authenticators for Self-Service Users
	Self-Service Request Management
		Approve and Reject User Requests
		Search for User Requests
		View User Requests
		Complete User Requests
		Cancel User Requests
Managing Reports
	Reports
	Run a Report Job
	View a Report Template
	View An In Progress Report Job
	View A Completed Report
	Edit a Report
Monitoring User Activity in Real-Time
	Real-time Monitoring Using Activity Monitors
	View Messages in the Activity Monitor
	View Recent Authentication Activity in the User Dashboard
Glossary
Index
	A
	C
	D
	E
	F
	H
	I
	L
	M
	O
	P
	R
	S
	T
	U
	V
                        
Document Text Contents
Page 1

RSA® Authentication Manager 8.1
Help Desk Administrator’s Guide

Page 2

Contact Information

Go to the RSA corporate website for regional Customer Support telephone and fax numbers:
www.emc.com/domains/rsa/index.htm

Trademarks

RSA, the RSA Logo and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or
other countries. All other trademarks used herein are the property of their respective owners. For a list of RSA trademarks, go
to www.emc.com/legal/emc-corporation-trademarks.htm#rsa.

License Agreement

This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and
may be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice
below. This software and the documentation, and any copies thereof, may not be provided or otherwise made available to any
other person.

No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any
unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by EMC.

Third-Party Licenses

This product may include software developed by parties other than RSA. The text of the license agreements applicable to
third-party software in this product may be viewed on the product documentation page on RSA SecurCare Online. By using
this product, a user of this product agrees to be fully bound by terms of the license agreements.

Note on Encryption Technologies

This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption
technologies, and current use, import, and export regulations should be followed when using, importing or exporting this
product.

Distribution

Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.

EMC believes the information in this publication is accurate as of its publication date. The information is subject to change
without notice.

THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO
REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS
PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.
Copyright © 1994-2013 EMC Corporation. All Rights Reserved
December 2013

www.emc.com/domains/rsa/index.htm
www.emc.com/legal/emc-corporation-trademarks.htm#rsa

Page 52

RSA Authentication Manager 8.1 Help Desk Administrator’s Guide
4. Under Assigned SecurID Tokens, click Assign More Tokens > Assign Software
Tokens.

5. Select a token from the list or search for a token in the search bar.

6. Click Assign Token(s).

7. From the Select Token Profile drop-down list, select a software token profile with
file-based provisioning as the delivery method.

8. In the Device Serial Number field, leave the default selection or enter the
appropriate device information.

9. (Optional) In the Nickname field, enter a user-friendly nickname for the software
token, if supported.

10. You can choose to Password Protect the token file. The following options are
available:

• Password. Enter a password of your choice. This password applies to all
software tokens in the token distribution file. A password can be up to 24
characters long.

• No password. The user does not enter a password.

• User ID. The user enters his or her User ID.

• Combination User ID followed by Password. The user enters his or her
User ID and the password that you set. The User ID and password
combination can be up to 24 characters long.

11. If you select Password or Combination, choose a password, and enter it in the
Password and Confirm Password fields.

12. Click Save and Distribute.

13. Click Download Now.

Next Step

Save a software token to a file and electronically deliver it to the user's device.
52 6: Managing RSA SecurID Tokens

Page 53

RSA Authentication Manager 8.1 Help Desk Administrator’s Guide
Distribute Multiple Software Tokens Using File-Based Provisioning

When you distribute software tokens using file-based provisioning, token data is
stored in a token distribution file (SDTID file). The SDTID file is added to a ZIP file
for download.

Before You Begin

• Instruct users to install the software token application on their devices. For
installation instructions, see the Administrator's Guide for your software token
application.

• Your Super Admin must add a software token profile.

• Assign tokens to users.

Important: When you redistribute tokens using this method, any existing users of
these tokens may no longer be able to authenticate. Users must import the new token
data before they can authenticate.

Procedure

1. In the Security Console, click Authentication > SecurID Tokens > Distribute
Software Tokens in Bulk > Generate Software Token Files.

2. In the Job Name field, enter a name for the job, or accept the default name. The
job is saved with this name so that you can review the details of the job later. Enter
a unique name from 1 to 128 characters. The characters & % > < are not allowed.

3. From the Software Token Profile drop-down list, select a software token profile
with file-based provisioning as the delivery method.

4. In the DeviceSerialNumber field, do one of the following:

• To bind the token to the device class, leave the default setting.

• To bind the token to a specific device, clear the field and enter the device ID
you obtained from the user.

5. Enter a nickname or leave the Nickname field blank.

6. You can choose to Password Protect the token file. The user must enter the
password when adding the token to the SecurID application on the device. Select
an option:

• Password. Enter a password of your choice. This password applies to all
software tokens in the token distribution file. A password can be up to 24
characters long for 128-bit tokens and 8 characters long for 64-bit tokens.

• No password. The user does not enter a password.

• User ID. The user enters his or her user ID.

• Combination User ID followed by Password. The user enters his or her user
ID and the password that you set. The user ID and password combination can
be up to 24 characters long for 128-bit tokens and 8 characters long for 64-bit
tokens.
6: Managing RSA SecurID Tokens 53

Page 103

RSA Authentication Manager 8.1 Help Desk Administrator’s Guide
SecurID
obtain unlocking key for

SecurID800, 76
overview, 11

security console, 19
log on, 20

security questions
clear answers, 37
clear user answers, 37
clearing, 36
definition, 36
manage, 36
risk-based authentication, 12
set enrollment requirements, 37
specify for authentication, 36

self-service
approve user requests, 79
cancel request, 82
complete requests, 81
overview, 14, 77
reject user requests, 79
request management, 79
search requests, 80
troubleshooting, 79
view requests, 80

software tokens
assign and distribute, 51, 57
assign to multiple users, 50
compressed token format

provisioning, 50
configuration, 49
delivery methods, 49
device attributes, 50
device definition file, 48
dynamic seed provisioning, 49, 58
file-based provisioning, 49, 53
profiles, 48

T
temporary fixed tokencode

assign, 69
token distribution

dynamic seed provisioning, 57
File-based, 51
hardware token, 48

tokencode
assign one-time tokencode, 70
assign temporary fixed tokencode, 69
offline emergency access, 72
tokencode lifetime, 70

tokens
assign hardware, 46
assign software to multiple users, 50
assign software tokens CT-KIP, 51
assign software tokens file-based, 57
compressed token format

provisioning, 50
delete, 61
device attributes, 50
disable, 60
distribute hardware, 48
distribute software tokens CT-KIP, 51
distribute software tokens file-based, 57
dynamic seed provisioning, 49
enable, 60
file-based provisioning, 49, 53
import token record file, 45
multiple dynamic seed, 58
overview, 12, 45
passcode overview, 12
PINs, 75
policy, 13
profiles, 48
provisioning, 79
replace, 62
resynchronize, 63
self-service provisioning, 14
software token configuration, 49
tokencode overview, 12
unassign, 64
view, 61

U
user dashboard

overview, 24
tasks, 24

user groups
add group, 41
add user, 42
edit, 41
overview, 41
view members, 42
view user memberships, 43

user identity
confirm, 17
Index 103

Page 104

RSA Authentication Manager 8.1 Help Desk Administrator’s Guide
users
add new with options, 28
add to internal database, 29
add to user group, 42
assign alias, 34
assign hardware token, 46
authentication settings, 38
change password, 35
clear cached passwords, 77
clear security question answers, 37
delete, 31
delete token, 61
disable, 33
disable ODA, 67
disable token, 60
distribute hardware token, 48
edit, 31
enable, 32
enable ODA, 65
enable token, 60
groups, 41
locked, 33
replace token, 62
require password change, 36
resynchronize token, 63
self-service, 14, 77
set initial ODA PIN, 66
unassign token, 64
unlock, 34
view accessible agents, 39
view group membership, 43
view token, 61

V
version

viewing, 9
104 Index

Similer Documents