Department of Supply & Services (CIMS) RSA Web Express User Guide v1.2

Department of Supply & Services (CIMS) RSA Web Express User Guide v1.2 Created: May 22, 2008 Updated: April 23, 2009 The RSA Web Express web express web site automates functions required to deploy hardware tokens to GNB users for secure remote access to network resources. The following four functions are available for users: 1. Activate an Approved Token (Page 2) 2. Test Your Token (Page 11) 3. Setup Q & A Authentication (Page 13) 4. Change your Pin* (Page 17) * Please see section called I forgot my PIN for additional PIN reset information This is the link for accessing the user self service functions RSA Web Express - https://rsa-web-exp.gnb.ca 1

1 - Activate an Approved Token Go the RSA Web Express Home page and Select Activate an Approved Token. Input information required to activate the token. If the Token User selects the link in the email sent to them earlier the only information required for input is the token serial number (Skip to Activate Token Screen 2): User ID - Must match the users Active Directory User ID Token Activate Code This is the email sent to the Token User in step 9 Token Serial Number 9 digit number located on back of token right above the expiry date Activate Token Screen 1 Enter your User ID / Activation code and click Next. 2

Activate Token Screen 2 Enter your Token Serial Number and click Next. 3

Activate Token Screen 3 Confirm your information and click Submit. 4

Activate Token Screen 4 Click Test Your Token. 5

Activate Token Screen 5 Hardware Token Users - Enter your User ID / Token Passcode (The 6 digit number displayed on the token) and click Submit. Software Token Users - Enter your User ID / Token Passcode (The 8 digit number obtained by opening the Blackberry RSA Application, not entering any pin, and selecting Get Passcode ) and click Submit. 6

Activate Token Screen 6 Choose a PIN Creation method and click Submit. The two options are: I will enter my own PIN = You can choose your own PIN (Skip to Activate Token Screen 7a) Let Web Express generate the PIN for me = You will receive a randomly generated 4 digit alphanumeric PIN (Skip to Activate Token Screen 7b) 7

Activate Token Screen 7a Enter your new PIN in both textboxes and click Submit, then skip down to Activate Token Screen 8 8

Activate Token Screen 7b To display your system generated PIN click Display PIN and the following window will pop up with your PIN. Activate Token Screen 7c After you have memorized your PIN (Do not write it down anywhere!) click Ok to close the window, then skip down to Activate Token Screen 8 9

Activate Token Screen 8 Upon successful PIN Creation proceed to 2 Test Your Token 10

2 - Test Your Token Test Your Token Screen 1 IMPORTANT note: You cannot use the same token digits that were used on Activate Token Screen 5, if necessary wait until the token displays new digits (They change every 60 seconds). Login using the following information: User ID - Must match your Active Directory User ID ** Only on of the following ** Token Passcode (Hardware Tokens Only) <Your 4-8 character alphanumeric PIN> + the 6 digit number displayed on the token (Example, if your pin is abc123, you would enter abc123xxxxxx where the X s represent what is displayed on the token). Token Passcode (Software Tokens Only) <Your 8 digit number obtained by entering your pin in the Blackberry RSA application and selecting Get Passcode > 11

Test Your Token Screen 2 The Token is now activated in the users name and can only be used for remote access in conjunction with the PIN that only the Token User knows. Upon successful Token Test proceed to 3 - Setup Q & A Authentication 12

3 - Setup Q & A Authentication Setup Q & A Authentication Screen 1 IMPORTANT note: You cannot use the same token digits that were used on Activate Token Screen 5, if necessary wait until the token displays new digits (They change every 60 seconds). Login using the following information: User ID - Must match your Active Directory User ID ** Only on of the following ** Token Passcode (Hardware Tokens Only) <Your 4-8 character alphanumeric PIN> + the 6 digit number displayed on the token (Example, if your pin is abc123, you would enter abc123xxxxxx where the X s represent what is displayed on the token). Token Passcode (Software Tokens Only) <Your 8 digit number obtained by entering your pin in the Blackberry RSA application and selecting Get Passcode > 13

Setup Q & A Authentication Screen 2 Use the drop down menus to choose 5 question / answer combinations that are easy for you to remember, then click Next. 14

Setup Q & A Authentication Screen 3 Verify your information and when you are satisfied click Submit 15

Setup Q & A Authentication Screen 4 Q & A Setup is complete. Should you forget your PIN you can back to the RSA Web Express web site anytime and reset it after correctly answering any 3 of these 5 preset questions. 16

4 - Change your Pin In order to change your PIN you must first authenticate yourself to the system, either with your existing PIN or using the Q & A Authentication process. Change your PIN Screen 1 Choose your authentication method and click Next. The two options are: SecureID = Login using your existing PIN (Skip to Change your PIN Screen 2a) Q&A = Login using the questions / answers you provided when you activated your token, use this method if you can t remember your PIN. (Skip to Change your PIN Screen 2b) 17

Change your PIN Screen 2a Login using the following information, and Skip to Change your PIN Screen 3: User ID - Must match your Active Directory User ID ** Only on of the following ** Token Passcode (Hardware Tokens Only) <Your 4-8 character alphanumeric PIN> + the 6 digit number displayed on the token (Example, if your pin is abc123, you would enter abc123xxxxxx where the X s represent what is displayed on the token). Token Passcode (Software Tokens Only) <Your 8 digit number obtained by entering your pin in the Blackberry RSA application and selecting Get Passcode > 18

Change your PIN Screen 2b Enter your User ID and click Next. This will retrieve your questions from the RSA System. 19

Change your PIN Screen 2c Enter the answers to your preset questions and click Next (You must correctly answer 3 of the 5 questions, and the answers are case sensitive). 20

Change your PIN Screen 2d Confirm your answers and click Submit (Skip to Change your PIN Screen 3) 21

Change your PIN Screen 3 Choose RSA Authentication Manager PIN and click Next 22

Change your PIN Screen 4 Enter your new PIN, and confirm, then click submit. 23

Change your PIN Screen 5 Your new PIN is set. 24

I forgot my PIN If forget you PIN and / or enter an incorrect PIN you will not be allowed to connect to the GNB Network with the Cisco VPN Client. If an incorrect PIN is entered, the system will repeatedly asks for your Password while displaying Authenticating User in the bottom left hand corner of the Cisco VPN Client, as shown: Image 1 Repeated Login Failure If forget you PIN and / or enter an incorrect PIN 10 times in a row the token is placed in Next Code mode. At this point you have two choices: Remembering the PIN, login with the PIN normally and when prompted for Enter Next PASSCODE, wait for a new code and enter only the 6 digits displayed on the token (This is necessary to prove the original PIN holder is using the token) See Image 2 Next Passcode Go to the Web Express System home page, login in with Q&A authentication, choose a new pin and login with this new PIN (The Next Code mode is cleared when a new token is set). 25

Image 2 Enter Next PASSCODE 26