Adding new RSA SecurID users
If the group uses the RSA SecurID authentication, the following New RSA SecurID user dialog box opens:
| 1. | In the User name field, define the RSA user name. Ensure this name matches the one you have defined for the user in your RSA Ace server.
Note Each user name must be unique among the groups and users.
|
| 2. | Once you have created the RSA SecurID user, double-click on its definition in HAM to configure individual parameters if different from those in its group. These settings are similar to those of the UserID/Password authentication. However, some security and general features are not available as they do not apply to RSA SecurID users (for example, the password complexity policies do not apply as the users will be using the RSA SecurID tokens rather than passwords). |
Using the software with an RSA SecurID
BlueZone Access Server can be used within an RSA SecurID network. Users connecting to the ActiveX client are prompted for
their RSA SecurID Username and Password prior to connecting.
If you did not select the Use RSA SecurID checkbox during the installation, you will need to manually modify some pages to
enable RSA SecurID authentication"
| 1. | On the machines running the Cluster Service(s), modify some or all of the following HTML pages (depending on the product(s)
you have):
|
| 2. | Open one or all of the above pages in a text editor depending on the product(s) you have. |
| 3. | In <PARAM NAME="RSASecurID" VALUE="FALSE">, replace the FALSE value with TRUE and save the file. |
| 4. | If you want to use the ASP pages instead of the HTML pages to connect to the cluster, you can repeat the above steps for these
pages:
|
| 5. | In ( oHFDownLoad.Parameter "RSASecurID", "FALSE" ), replace the FALSE value with TRUE and save the file. |
Note
When you change the SecurID parameter to TRUE, all clients will be RSA enabled. For that matter, when enabling the RSA SecurID
parameter, all clients connecting to the luster should be RSA SecurID users.
Setting the Web server
When configuring your RSA SecurID within your Web server, It is recommended that you set the following Cookie settings:
| 1. | Open Internet Information Server (IIS). |
| 2. | Right-click the Web site under which the virtual folder are created, and select Properties. |
| 3. | Select the RSA SecurID tab. |
| 4. | In the Cookie Expiration Control section, select the Cookies Expire if Not Used Within the Specified Time radio button. |
| 5. | In the Expiration Time field, enter the number of minutes you would like to allocate for user inactivity. |
| 6. | Click Apply, then OK. |
Note
By applying these RSA Cookie configuration settings, users will expect to see their cookie expire only when closing their
browser. However, their cookie will expire, even if they do not close their browser, when their inactivity period surpasses
the Expiration Time specified.
If you select the Cookies Always Expire after the Specified Time, users see their cookie expire after the specified Expiration Time. If this happens while they have a host display session
open, they will need to re-enter their Username and Password in order to continue the session.