RSA SecurID Ready Implementation Guide


Last Modified: August 26, 2011

Partner Information

Product Information

Partner Name:        Voice Innovate
Web Site:            http://voiceinnovate.com/
Product Name:
Version & Platform:  V1.1, Supported on Windows Server 2003 R2
Product Description: The Application is intended to add a third factor of authentication to existing Smart Card login processes using Voice Biometrics. Users typically access a secured web page, provide their RSA SecurID credentials and then are prompted to call the IVR to perform voice authentication. Once voice authenticated, the user is then given access to the secured resource.

Solution Summary

Voice Innovate's adds a third factor of authentication to the standard RSA SecurID login processes using voice biometrics technology. Utilizing, existing RSA SecurID token users will be required to validate their respective identities with their biometric voice print after each successful SecurID authentication.

Once the system is in place, RSA SecurID token users will be instructed to dial in to an Interactive Voice Response (IVR) service to register their voice prints. The IVR service will prompt each user for his/her RSA SecurID token serial number and an RSA SecurID passcode. After a successful SecurID authentication, each user will be asked to repeat the numbers 0 through 9 to complete enrollment.

Once enrolled, users will be prompted to key in their PIN and the RSA SecurID tokencode at the client's login screen as usual. After successfully completing this step, a page will appear with instructions to call an 800 number for voice authentication. When they dial in, users will be prompted to enter their respective token serial numbers and to repeat 4 or more random digits. will then use this voice sample to authenticate each enrolled user against the appropriate voice print. If successful, the user is allowed to continue to the requested application. If the voice sample does not pass validation, the user is denied access.

components are comprised of the following:

- The Web Application: an OpenID provider that hosts the web application. The Client Web Application's custom OpenID relying party component will rely on this server for authentication. The Web GUI permits users to authenticate with RSA SecurID and Voice Biometric authentications.
- The IVR: an interactive voice response system that provides a telephony interface for voice biometric authentication.
- The Client Web Application: a client-supplied web application served via HTTP(s) protocol that delivers HTML content that will be protected by.
- The User Database: a MySQL database (not required if leveraging an existing corporate database).

The following diagram illustrates a sample deployment of within a corporate infrastructure. Typically, the web servers and RSA Authentication Manager servers are part of the corporate infrastructure. The application provides the IVR and the mechanisms required to customize the corporate web server. A minimum of one IVR must be implemented, but multiple instances can be used to provide scalability for call volume, load balancing, and fault tolerance.

RSA SecurID supported features

Voice Innovate V1.1

RSA SecurID Authentication via Native RSA SecurID Protocol    Yes
RSA SecurID Authentication via RADIUS Protocol                No
On-Demand Authentication via Native SecurID Protocol          Yes
On-Demand Authentication via RADIUS Protocol                  No
On-Demand Authentication via API                              No
RSA Authentication Manager Replica Support                    Yes
Secondary RADIUS Server Support                               No
RSA SecurID Software Token Automation                         No
RSA SecurID SD800 Token Automation                            No
RSA SecurID Protection of Administrative Interface            No

Authentication Agent Configuration

Agent Host Records contain information that allows an RSA Authentication Manager server to locate its clients and establish secure communication channels with them. The server's database must contain Agent Host Records to identify the servers in a given environment. In order to create this record, the following information is required for each IVR server and the Web Application server instance:

- Hostname
- IP Addresses for network interfaces

Set the Agent Type to Standard Agent when adding the Authentication Agent. This setting is used by the RSA Authentication Manager to determine how communication with will occur.

Note: Hostnames within the RSA Authentication Manager / RSA SecurID Appliance must resolve to valid IP addresses on the local network.

RSA SecurID files

RSA SecurID Authentication Files

Files          Location
sdconf.rec     %SYSTEM32%\sdconf.rec
Node Secret    In Memory

Partner Product Configuration

Before You Begin

This section provides instructions for configuring with RSA SecurID Authentication. This document is not intended to suggest optimum installations or configurations.

It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products in order to install the required components.

All components must be installed and working prior to the integration. Perform the necessary tests to confirm that this is true before proceeding.

Prerequisites

- Direct Inward Dial (DID) phone circuits that will be routed to the IVR server. The DID phone number will be used during the Web Application configuration.
- MySQL can be installed on any server but must be accessible by both the IVR and web applications.
- Windows 2003 R2 Server is required for the IVR application.
- An additional Windows 2003 R2 Server is required if the web application is to be housed on a standalone server.

Note: The RSA Authentication Manager Windows API library V6.1.3 is automatically installed during the Web Application and IVR installation procedures.

Web Application Installation

1. Launch the Web Server Installation program and click the Next button.

2. Enter the following information to create a MySQL database and click the Next button.
   - TCP/IP Server: the database server's host address
   - User: the database Administrator's username
   - Password: the above user's password
   - Database: a name for the database. Be sure that this name is unique.
3. Accept the default installation folder (or change it as required) and click the Next button.
4. Click the Finish button when the installation has completed.

Web Application Configuration

1. Open the web application's config.ini and modify the following variables to suit your configuration:
   - host and port: the host address and port that the web application is bound to
   - server_url: the fully-qualified domain name of the web page
   - phone_auth: the DID phone number that users will dial to access the IVR
   - phone_reg: the phone number that users will dial to enroll with. It can be the same as phone_auth.
   - login_fail_wait: the number of seconds between failed login attempts
   - login_max_attempts: the number of failed login attempts allowed before login_max_wait is applied
   - login_max_wait: the length of time a user must wait to log in again
   - cache_dir: the directory location that the Web Application will use for its cache
2. Open Services from the Windows Control Panel and start the Web service.

Dialogic HMP (VoIP drivers) Installation

This section contains instructions for installing the Dialogic HMP VoIP drivers. At the time of this writing, the most current release of HMP is 3.0 Build 307. It can be obtained at the following link:

http://www.dialogic.com/products/ip_enabled/download/hmp30/default.htm

Ensure that you have a valid HMP Software license file prior to proceeding. If you do not have a license, contact Voice Innovate.

1. After obtaining the Dialogic HMP drivers and license file, run the Dialogic installation program and click the Next button.

2. Accept the default installation folder (or change it as required) and click the Next button.
3. Ensure Core Runtime, License Package and Demos are checked and click the Next button.

4. Click the Yes button to continue the installation.
5. Accept the default program folder (or change it as appropriate) and click the Next button.
6. Review the settings on the next screen and click the Next button.
7. When the installation completes, select the "Yes, I want to restart my computer now" radio button and click the Finished button.
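The login_fail_wait, login_max_attempts and login_max_wait variables listed under Web Application Configuration control how failed logins are throttled. The following is an added example, not Voice Innovate's code: it parses the three keys from a constructed config.ini and simulates one plausible reading of how they interact. The [web] section name, all values, seconds as the unit of login_max_wait and the LoginThrottle class are assumptions.

```python
import configparser

# Constructed sample. The key names come from the guide; the [web] section
# name and every value are assumptions made for this example.
SAMPLE_INI = """
[web]
login_fail_wait = 5
login_max_attempts = 3
login_max_wait = 900
"""

def load_policy(ini_text, section="web"):
    """Parse the three login_* keys; reject values that would disable throttling."""
    parser = configparser.ConfigParser()
    parser.read_string(ini_text)
    policy = {}
    for key in ("login_fail_wait", "login_max_attempts", "login_max_wait"):
        value = parser.getint(section, key)  # raises if missing or non-numeric
        if value <= 0:
            raise ValueError(f"{key} must be positive, got {value}")
        policy[key] = value
    if policy["login_max_wait"] < policy["login_fail_wait"]:
        raise ValueError("login_max_wait is shorter than login_fail_wait")
    return policy

class LoginThrottle:
    """Hypothetical per-user throttle: short wait per failure, long wait at the limit."""
    def __init__(self, policy):
        self.policy = policy
        self.failures = {}       # user -> consecutive failed attempts
        self.blocked_until = {}  # user -> time before which attempts are refused

    def allowed(self, user, now):
        return now >= self.blocked_until.get(user, 0)

    def record(self, user, success, now):
        """Record an attempt's outcome; return the wait (seconds) now imposed."""
        if success:
            self.failures.pop(user, None)
            self.blocked_until.pop(user, None)
            return 0
        count = self.failures.get(user, 0) + 1
        if count >= self.policy["login_max_attempts"]:
            wait, count = self.policy["login_max_wait"], 0  # long wait, restart count
        else:
            wait = self.policy["login_fail_wait"]
        self.failures[user] = count
        self.blocked_until[user] = now + wait
        return wait

def simulate(policy, attempts):
    """attempts: (time_s, user, credentials_ok) tuples; returns one outcome each."""
    throttle = LoginThrottle(policy)
    outcomes = []
    for now, user, ok in attempts:
        if not throttle.allowed(user, now):
            outcomes.append("refused")  # never reaches the authenticator
            continue
        wait = throttle.record(user, ok, now)
        outcomes.append("ok" if ok else f"fail(wait {wait}s)")
    return outcomes
```

Attempts made while a wait is in force are refused before credentials are checked, so they neither consume a SecurID passcode nor count toward login_max_attempts in this model.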

Dialogic HMP Drivers License Activation

Ensure you have a valid HMP Software license file prior to proceeding. If you do not have a license, contact Voice Innovate with the host ID value, which can be found in the Host ID field in the HMP License Manager.

1. Place a copy of the license file in the HMP software installation folder's data subdirectory (for example, C:\Program Files\Dialogic\HMP\data).
2. Go to the Windows Start menu and click All Programs > Dialogic HMP > HMP License Manager to launch the licensing utility.
3. Browse to your license in the License File Name field and click the Activate License button. The license is located in the HMP software installation folder's data subdirectory (for example, C:\Program Files\Dialogic\HMP\data).

Note: The license file is named according to the number of ports and features licensed. For example, a 37 port license containing the base HMP features as well as enhanced RTP features might be named: 37r37v37e0c37s0f37i_host_pur.lic.

4. Click the OK button and close License Manager.
5. Open the Windows Start menu and click All Programs > Dialogic HMP > Configuration Manager DCM to launch the configuration utility.
6. Right-click the HMP_Software entry and select Restore device defaults.
7. Click the Yes button on the next screen to restore the device's default values.

8. Select the license file and click the OK button.
9. Click Settings > Start devices preference > Start all.

10. Click Settings > System/Device autostart > Start System.
11. Close the DCM window and reboot the system.

IVR Installation

This section contains instructions for installing IVR.

1. Launch the installer and click the Next button.
2. Enter the MySQL database information and click the Next button.
3. Click the Install button.
4. Click the Finish button when the installation has completed.

LumenVox ASR Speech Recognizer Installation

The IVR service uses a third party Speech Recognition engine. The information for installing and licensing the LumenVox ASR speech recognizer can currently be found using a web browser at:

http://www.lumenvox.com/help/speechengine/installation/windowsinstallation.htm

Note that the LumenVox Engine and Licensing installation files and the LumenVox License file are supplied by Voice Innovate. You will not need to obtain them as described on the web page specified above.

RSA Access Manager User Mapping

Each RSA Authentication Manager user must be mapped to a Voice Innovate user. Voice Innovate provides a convenient utility for provisioning its users from an RSA Authentication Manager report. Follow the instructions below to use this utility.

Export User Records from RSA Authentication Manager

1. Log into the RSA Authentication Manager Security Console and select Reporting > Add New.
2. Select the Users with Tokens template and click the Next button at the bottom of the page.
3. Enter a name for the report in the Report Name field.
4. For simplicity, choose Output all Columns. The utility will select the appropriate values.
5. Choose the Identity Source from the select dialog in the Input Parameter Values Section and click the Save button.
6. Click Reporting > Manage Existing, select the new report and click Run Report Now.
7. Click Reporting > Report Output > Completed Reports, select the latest output for the report and click Download CSV file.

Import User Records to

1. Open a Windows command prompt and navigate to the web server root directory.
2. Enter the import.exe command followed by the path to the report's CSV file you exported above.

If your import was successful, the utility will display the number of accounts that were updated, inserted or removed. Otherwise, it will display descriptions of any errors in the import process.

Here is a sample execution of the utility:

    C:\Program Files\VIC\\WebServer>import.exe usertoken.csv
    Success Imported 23 Users

Client Web Client Configuration

requires that the Client Web Application uses the OpenID standard (http://openid.net/) for authentication purposes. OpenID plug-ins for most popular applications are freely available for download via the internet from many sources. If a plug-in is available for your Client Web Application it must be downloaded and installed as per the plug-in instructions. If you require assistance in obtaining an OpenID plug-in for your application contact Voice Innovate.

If a plug-in is not available for your Client Web Application, the tools to create an authentication client for the application are available from OpenID at: http://openid.net/developers/libraries/. If you require further assistance regarding OpenID client development contact Voice Innovate.

The installation and configuration process for the OpenID plug-in varies based on the plug-in chosen. The steps for installation and configuration are detailed in the documentation provided with the OpenID Plugin chosen, but can be summarized as:

- Disable the existing authentication modules.
- Install and enable the Plugin.
- Configure your system to rely solely on the web application for authentication.

Certification Checklist for RSA Authentication Manager

Date Tested: July 29, 2011

Certification Environment

Product Name                         Version Information    Operating System
RSA Authentication Manager           7.1 SP4                Windows 2003 R2
RSA Authentication API Library       6.1.3                  Windows 2003 R2
                                     1.1                    Windows 2003 R2

Mandatory Functionality

RSA Native Protocol                    RADIUS Protocol

New PIN Mode
Force Authentication After New PIN     Force Authentication After New PIN    N/A
System Generated PIN                   System Generated PIN                  N/A
User Defined (4-8 Alphanumeric)        User Defined (4-8 Alphanumeric)       N/A
User Defined (5-7 Numeric)             User Defined (5-7 Numeric)            N/A
Deny 4 and 8 Digit PIN                 Deny 4 and 8 Digit PIN                N/A
Deny Alphanumeric PIN                  Deny Alphanumeric PIN                 N/A
Deny Numeric PIN                       Deny Numeric PIN                      N/A
Deny PIN Reuse                         Deny PIN Reuse                        N/A

Passcode
16 Digit Passcode                      16 Digit Passcode                     N/A
4 Digit Fixed Passcode                 4 Digit Fixed Passcode                N/A

Next Tokencode Mode
Next Tokencode Mode                    Next Tokencode Mode                   N/A

On-Demand Authentication
On-Demand Authentication               On-Demand Authentication              N/A
On-Demand New PIN                      On-Demand New PIN                     N/A

Load Balancing / Reliability Testing
Failover (3-10 Replicas)               Failover                              N/A
No RSA Authentication Manager          No RSA Authentication Manager         N/A

JGS/ PAR
= Pass   = Fail   N/A = Not Applicable to Integration