Workspot, Inc. RSA SecurID Ready Implementation Guide. Partner Information. Last Modified: September 16, 2013. Product Information Partner Name



Similar documents
Lieberman Software. RSA SecurID Ready Implementation Guide. Account Reset Console. Partner Information. Last Modified: March 20 th, 2012

Stonesoft Corp. Stonegate Firewall and VPN

RSA SecurID Ready Implementation Guide

RSA SecurID Ready Implementation Guide

RSA SecurID Ready Implementation Guide

RSA SecurID Software Token 1.0 for Android Administrator s Guide

RSA SecurID Software Token 1.3 for iphone and ipad Administrator s Guide

IMS Health Secure Outlook Web Access Portal. Quick Setup

RSA Authentication Manager 7.1 Security Best Practices Guide. Version 2

ipad or iphone with Junos Pulse and Juniper SSL VPN appliance Authenticating Users Using SecurAccess Server by SecurEnvoy

Department of Supply & Services (CIMS) RSA Web Express User Guide v1.2

How to integrate RSA ACE Server SecurID Authentication with Juniper Networks Secure Access SSL VPN (SA) with Single Node or Cluster (A/A or A/P)

SHC Client Remote Access User Guide for Citrix & F5 VPN Edge Client

Defender Token Deployment System Quick Start Guide

RSA SecurID Ready Implementation Guide

How To Use The Syndicate Bank Rsa Security Token For Internet Banking On Pc Or Mac Or Mac (For A Web Browser) For A Long Time (For An Ipad) For Free (For Free) For An Unlimited Time) For Your

RSA Authentication Manager 8.1 Help Desk Administrator s Guide

External Authentication with Juniper SSL VPN appliance Authenticating Users Using SecurAccess Server by SecurEnvoy

New Brunswick Internal Services Agency. RSA Self-Service Console User Guide

Two-Factor Authentication

VMware Horizon View for SMS PASSCODE SMS PASSCODE 2014

Epic Remote Access for Mobile Devices FAQ and Setup

RSA Authentication Manager 8.1 Help Desk Administrator s Guide. Revision 1

RSA Authentication Manager 7.1 Security Best Practices Guide. Version 5

Deployment Guide Mar-2016 rev. a. Integrating the Array Standalone Client with RSA Token Automation

Cisco ASA. Implementation Guide. (Version 5.4) Copyright 2011 Deepnet Security Limited. Copyright 2011, Deepnet Security. All Rights Reserved.

BlackBerry Universal Device Service. Demo Access. AUTHOR: System4u

Accessing the Mercy Remote Access Portal (SSL VPN)

Using VMware Horizon View Client for Android

Dell SonicWALL and SecurEnvoy Integration Guide. Authenticating Users Using SecurAccess Server by SecurEnvoy

Ultra-strong authentication to protect network access and assets

Remote Access End User Guide (Cisco VPN Client)

Citrix Netscaler Advanced guide for SMS PASSCODE SMS PASSCODE 2014

RSA SecurID Software Token 4.1 Administrator s Guide

Ultra-strong authentication to protect network access and assets

RSA SecurID Token User Guide February 12, 2015

TechNote. Contents. Introduction. System Requirements. SRA Two-factor Authentication with Quest Defender. Secure Remote Access.

RSA Authentication Manager 7.1 Administrator s Guide

VMware Virtual Desktop Manager User Authentication Guide

Logging into Citrix (Epic) using an RSA Soft Token - New RSA User

Telstra Mobile Device Management (T MDM) Getting Started Guide

Virtual Desktop and SSL VPN access with OnDemand tokencode. User Guide

Instructions for Using Secure . (SMail) via Outlook Web Access. with an RSA Token

RSA SecurID Software Token Security Best Practices Guide

BYOD How-To Guide. How do I securely deliver my company s applications and data to BYOD?

RSA Authentication Manager 7.1 Basic Exercises

MRU Secure Remote Access Service (SRAS) External User Guide

External Authentication with Cisco ASA Authenticating Users Using SecurAccess Server by SecurEnvoy

MRU Secure Remote Access Service (SRAS) External User Guide

RSA Authentication Manager 8.1 Administrator s Guide

BIG-IP Access Policy Manager Tech Note for BIG-IP Edge Client App for ios

How to Use Your RSA SecurID Software Token for Windows XP, Vista, or Windows 7 (For ICIS remote access)

Access Your Cisco Smart Storage Remotely Via WebDAV

How To Integrate Watchguard Xtm With Secur Access With Watchguard And Safepower 2Factor Authentication On A Watchguard 2T (V2) On A 2Tv 2Tm (V1.2) With A 2F

Establishing two-factor authentication with Cyberoam UTM appliances and HOTPin authentication server from Celestix Networks

Deploying iphone and ipad Security Overview

External Authentication with Citrix Access Gateway Advanced Edition

USER MANUAL. CTBTO Remote Access VPN using Cisco AnyConnect

External authentication with Fortinet Fortigate UTM appliances Authenticating Users Using SecurAccess Server by SecurEnvoy

Establishing two-factor authentication with Check Point and HOTPin authentication server from Celestix Networks

External Authentication with Cisco VPN 3000 Concentrator Authenticating Users Using SecurAccess Server by SecurEnvoy

Sophos UTM. Remote Access via SSL Configuring Remote Client

Establishing two-factor authentication with Barracuda NG Firewall and HOTPin authentication server from Celestix Networks

Dell SonicWALL SRA 7.5 Citrix Access

Remote Desktop Gateway. Accessing a Campus Managed Device (Windows Only) from home.

ATTENTION: End users should take note that Main Line Health has not verified within a Citrix

Two Factor Authentication (TFA; 2FA) is a security process in which two methods of authentication are used to verify who you are.

Two Factor Authentication in SonicOS

Guide for Setting Up Your Multi-Factor Authentication Account and Using Multi-Factor Authentication

To set up your Android with Good for Enterprise:

Workspot Configuration Guide for the Cisco Adaptive Security Appliance

RSA SecurID Certified Administrator (RSA Authentication Manager 8.0) Certification Examination Study Guide

SonicWALL Mobile Connect. Mobile Connect for OS X 3.0. User Guide

Check Point FW-1/VPN-1 NG/FP3

Using VMware Horizon View Client for ios

Integration Guide. Swivel Secure Authentication

External Authentication with Netscreen 25 Remote VPN Authenticating Users Using SecurAccess Server by SecurEnvoy

Cisco VPN Concentrator Implementation Guide

A Guide to New Features in Propalms OneGate 4.0

Compiled By: Chris Presland v th September. Revision History Phil Underwood v1.1

Accessing the Media General SSL VPN

External Authentication with Citrix Secure Gateway - Presentation server Authenticating Users Using SecurAccess Server by SecurEnvoy

ipad in Business Security

WHAT IS VIRTUAL DESKTOP? WHAT YOU NEED LOG IN TO VIRTUAL DESKTOP SET UP CITRIX RECEIVER REMOTE ACCESS GUIDE

RSA Authentication Manager 8.1 Planning Guide. Revision 1

RSA Authentication Manager 7.1 Administrator s Guide

Administering Jive Mobile Apps

iphone in Business How-To Setup Guide for Users

setup information for most domains hosted with InfoRailway.

RSA Security. RSA, RC2, RC4, RC5, MD5 AES RC6 PKCS RSA Keon PKI. RSA BSAFE 5 Web. RSA SecurID 4000

Deploying iphone and ipad Virtual Private Networks

Mobile Access Software Blade

Global VPN Client Getting Started Guide

Remote Desktop Connection Setup at King s College in Wilkes-Barre, PA

This document shows new Citrix users how to set up and log in to their Citrix account.

Note that if at any time during the setup process you are asked to login, click either Cancel or Work Offline depending upon the prompt.

INTEGRATION GUIDE. DIGIPASS Authentication for Juniper SSL-VPN

Configuring SSL VPN on the Cisco ISA500 Security Appliance

Advanced Configuration Steps

UBC Digital Signage Service: CoolSign 5.0 Initial Set- up Guide

Transcription:

RSA SecurID Ready Implementation Guide Partner Information Last Modified: September 16, 2013 Product Information Partner Name Web Site Product Name Version & Platform Product Description, Inc. workspot.com 2.0.3 for ipad and iphone helps companies improve productivity by securely connecting users to core business applications and data on their personal mobile devices. s patent-pending mobile virtualization solution can be quickly deployed using existing infrastructure. The solution consists of a client application running on a mobile device together with a cloud-based administration console.

Solution Summary The Client is a secure mobile virtualization container on the device, which includes a virtual file system and a virtual network. The virtual network provides secure connectivity to the users corporate resources while the virtual file system stores documents downloaded on the device. Control is a cloud-based service console that an IT administrator uses to configure and manage the applications, VPN connection and policies for mobile users. and RSA SecurID leverages RSA SecurID authentication provided by SSL VPN gateway appliances and currently supports the following vendors and products: Cisco Adaptive Security Appliance (ASA) Dell SonicWALL Secure Remote Access (SRA) F5 BIG-IP Access Policy Manager (APM) Juniper Secure Access Series SSL VPN Note: Individual products may not support all features. Links to RSA s Cisco, Dell, F5 and Juniper SSL VPN Implementation Guides can be found in the Appendix of this document. RSA SecurID supported features 2.0.3 RSA SecurID Authentication via Native RSA SecurID Protocol RSA SecurID Authentication via RADIUS Protocol On-Demand Authentication via Native SecurID Protocol On-Demand Authentication via RADIUS Protocol RSA Authentication Manager Replica Support Secondary RADIUS Server Support RSA Software Token Supported Features Windows Automation SID800 Automation OS X Automation ios Automation Android Automation File-based Provisioning CT-KIP Provisioning CTF Provisioning No No No No No - 2 -

Authentication using RSA SecurID In Control, the administrator defines which SSL VPN gateway the mobile user authenticates and connects to, and defines a security policy to enable RSA SecurID. The VPN gateway must be configured to use the RSA Authentication Manager for authentication. The client will authenticate using RSA SecurID as follows: 1. Control sends a security profile with RSA SecurID enabled to the mobile device. 2. The mobile user initiates a login via the client. 3. The user s credentials, username and passcode are sent to the VPN gateway to authenticate using the RSA Authentication Manager. 4. The RSA Authentication Manager may present authentication challenges associated with the user s account or token state. 5. The user enters responses to the authentication challenges as required. 6. If the credentials are valid, the user will be authenticated by the RSA Authentication Manager and a VPN session is created with the VPN gateway. If the authentication fails, the user is denied access and a session is not established. Control 1 2 5 3 Client 5 SSL VPN Gateway? X 4 6 Authentication Manager - 3 -

Partner Product Configuration Before You Begin This section provides instructions for configuring with RSA SecurID Authentication. This document is not intended to suggest optimum installations or configurations. It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products in order to install the required components. RSA SecurID authentication for can either be enabled during the Express Setup or after the basic account has been configured. Important: The SSL VPN gateway must be configured to support RSA SecurID authentication before enabling RSA for. Refer to the appropriate RSA Implementation Guide found in the Appendix of this document. - 4 -

Procedure Overview Enabling RSA during the Express Setup To enable RSA SecurID during the Control Express Setup, select as shown in Screen 1. Screen 1 Enabling RSA during Express Setup - 5 -

Enabling RSA If the Express Setup has already been completed, RSA SecurID can be enabled using Control. First, by adding a new Security Policy, then assigning that policy to the group that will be using SecurID authentication. Refer to screens 2 through 6. Screen 2 Adding a New Security Policy (1 of 2) - 6 -

Screen 3 Adding a New Security Policy (2 of 2) - 7 -

Screen 4 Assigning the RSA Security Policy to a Group (1 of 3) Screen 5 Assigning the RSA Security Policy to a Group (2 of 3) - 8 -

Screen 6 Assigning the RSA Security Policy to a Group (3 of 3) - 9 -

Importing a RSA SecurID Software Token into The client supports an integrated token by importing a token into the client. To import a token, obtain either a SDTID file or CT-KIP URL through the RSA Authentication Manager. SDTID files should be converted to CTF format with the RSA tokenconvertor utility using the mobile option. See RSA SecurID Software Token Converter documentation http://www.emc.com/security/rsa-securid/rsa-securidsoftware-authenticators/converter.htm for more information. Note: This procedure is only required if you have a CTF or CT-KIP link and want to import that token into. It is not required if you are using an external physical or software token authenticator. To import a token, click on the CTF or CT-KIP link, on the device where is installed. (Screen 1 of 3) This will launch the Client and import the token; enter the token file password if needed. (Screen 2 of 3) Once the file has been successfully imported, click OK to continue. (Screen 3 of 3) - 10 -

RSA SecurID Authentication After RSA SecurID has been configured using Control, the policy is updated on the mobile device. Any user belonging to the group with RSA is enabled, will be prompted for a RSA SecurID passcode or PIN during authentication, as shown in the following device screens. Note: Your home and application screens will look different from the following examples and will be based on the applications defined in Control. Note: If using an integrated token, the token must be imported into before authenticating. From the home screen, click any application, such as an internal SharePoint site, which requires authentication using the SSL VPN gateway. (Screen 1 of 3) - 11 -

RSA Authentication with External Token To authenticate with a hardware or software token, the user should enter their username, password, and RSA SecurID passcode from the token. Depending on the token configuration, the passcode is typically PIN + token code for a hardware token, or the Passcode shown after the PIN is entered into the software token. (Screen 2 of 3) RSA Authentication with Integrated Token To authenticate with the integrated token, the user should enter their username, password, and RSA SecurID PIN. (Alternate screen 2 of 3) After successful authentication, the application home page is shown, in this example, SharePoint. (Screen 3 of 3) - 12 -

RSA SecurID Authentication Screen Examples Authentication Screens The SecurID authentication screens shown below are with configured for the Cisco ASA. Other supported SSL VPN gateways display similar authentication prompts. System generated new PIN prompts User defined (4-8) alphanumeric PIN - 13 -

Next tokencode - 14 -

Certification Checklist for RSA Authentication Manager Date Tested: September 16, 2013 Certification Environment Product Name Version Information Operating System RSA Authentication Manager 8.0 Virtual appliance Cisco ASA Cisco Adaptive Security Cisco IOS Appliance Software Version 8.0(5)23 2.0.3 ipad, iphone ios 6.1 RSA SecurID Authentication RSA Native Protocol New PIN Windows OS X Android ios Other Force Authentication After New PIN N/A N/A N/A N/A System-Generated PIN N/A N/A N/A N/A User Defined (4-8 Alphanumeric) N/A N/A N/A N/A User Defined (5-7 Numeric) N/A N/A N/A N/A Deny 4 and 8 Digit PIN N/A N/A N/A N/A Deny Alphanumeric PIN N/A N/A N/A N/A Deny PIN Reuse N/A N/A N/A N/A Passcode 16-Digit Passcode N/A N/A N/A N/A 4-Digit Fixed Passcode N/A N/A N/A N/A Next Tokencode Mode Next Tokencode Mode N/A N/A N/A N/A On-Demand Authentication On-Demand Authentication N/A N/A N/A N/A On-Demand New PIN N/A N/A N/A N/A Load Balancing / Reliability Testing Failover (3-10 Replicas) N/A N/A N/A N/A No RSA Authentication Manager N/A N/A N/A N/A GLS / PAR = Pass = Fail N/A = Not Applicable to Integration - 15 -

Certification Checklist for RSA Authentication Manager RSA Software Token Automation RSA Native Protocol PINless Token Windows OS X Android ios Other Next Tokencode Mode N/A N/A N/A N/A PINpad-style Token Deny Alphabetic PIN N/A N/A N/A N/A Next Tokencode Mode N/A N/A N/A N/A Fob-style Token 16-Character Passcode N/A N/A N/A N/A Alphanumeric PIN N/A N/A N/A N/A Next Tokencode Mode N/A N/A N/A N/A Other Password-Protected Token N/A N/A N/A N/A System-Generated PIN N/A N/A N/A N/A GLS / PAR = Pass = Fail N/A = Not Applicable to Integration - 16 -

Appendix Software Token SDK Integration Details Android ios Other RSA Software Token SDK RSA Software Token SDK Version N/A 1.5 N/A RSA Software Token Data Display Token Serial Number N/A N/A Display Token Expiration Date N/A N/A Number of Tokens Supported N/A 1 N/A Provisioning File-Based N/A No N/A CT-KIP N/A N/A CTF N/A N/A Secured by RSA Certified Implementation Guides Cisco ASA Series Adaptive Security Appliance https://gallery.emc.com/docs/doc-1167 Dell SonicWALL Secure Remote Access (SRA) https://gallery.emc.com/docs/doc-2317 F5 Networks BIG-IP https://gallery.emc.com/docs/doc-1231 Juniper Networks Secure Access SSL VPN https://gallery.emc.com/docs/doc-1297-17 -

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information