Configuring RSA SecurID authentication

  • Article

Updated: February 1, 2011

Applies To: Unified Access Gateway

This topic describes how to configure an RSA SecurID authentication server on Forefront Unified Access Gateway (UAG).

To configure an RSA SecurID authentication server

  1. In the Forefront UAG Management console, on the Admin menu, click Authentication and Authorization Servers.

  2. On the Authentication and Authorization Servers dialog box, click Add.

  3. In the Server type list, click RSA SecurID.

  4. On the Add Authentication Server dialog box, configure the following server settings:

    • Server name—Name of the server or repository. This name is used when you select the server or repository during the configuration of Forefront UAG. It is also displayed to end users when they are prompted to select a server during authentication.

    • IP address/host—IP address or host name of the RSA SecurID server.

    • Port—Port number of the RSA SecurID server.

    • Alternate IP/host—IP address or host name of the alternate RSA SecurID server.

    • Alternate Port—Port number of the alternate RSA SecurID server.

    • Enable PIN mode—Select the Enable PIN mode check box to enable New PIN mode, for use when users are required to enter a new PIN during authentication.

      Note

      For security considerations, it is recommended that you do not enable the New PIN mode.

    • Use a different server for portal authorization—Applicable in portal trunks only. Select this check box to use a different server, where users and user groups are defined, for application authorization. In this case, selecting the RSA SecurID server for application authorization, brings users and user groups from the associated server rather than from the RSA SecurID server.

    • Select server—Click the server to use for application authorization. You can use one of the following:

      • Any of the configured authentication servers where users and user groups are defined, such as, NT Domain or Notes Directory.

      • Built-In Users/Groups—Use the computer’s Windows Local Users and Groups console. To access the console, click Launch Local Users and Groups console.

      Note

      Selecting this option does not enable you to define the local computer’s Windows Local Users and Groups console as an authentication server. To define the local computer as the authentication server, select the NT Domain server-type, and enter the name of the local computer in the NT Domain field.

  5. On the Add Authentication Server dialog box, click OK, and then on the Authentication and Authorization Servers dialog box, click Close.