
Using RSA SecureID and Swivel Secure PINsafe

 

Topic Last Modified: 2013-06-24

The RSA SecureID and Swivel Secure PINsafe user experiences are described in the following sections.

When a user is outside of the corporate network and tries to connect to Outlook Web App protected by an RSA SecureID two-factor authentication solution, a two-factor authentication logon page appears. The following is an outline of the user steps involved to complete the authentication process:

  1. The passcode is generated using the user’s personal PIN and the token code generated by the RSA SecureID fob as shown in this example.

    Personal RSA PIN = 1234 | RSA Tokencode = 032848

    Personal RSA PIN + RSA Tokencode = Passcode

  2. The user types in his or her username (CONTOSO\jdoe), password, and passcode (1234032848). Then the user clicks Log On.

  3. The username and passcode are sent to the RSA Authentication Manager (authentication server), which is the system’s authentication engine. If authorized, the user’s domain credentials are then verified by a domain controller.

  4. When the credentials have been verified, the user is authenticated and has access to their mailbox using Outlook Web App.

Swivel Secure PINsafe is a two-factor authentication solution based on a choice of single or multi-channel authentication solutions. The key combination used in this solution is the user’s PIN (a constant value) and the user’s security string (a random value). The PIN is used to extract digits from the security string to produce a one-time token code which is passed by the user to the PINsafe server and processed to complete the two-factor authentication process. When the security string is delivered via the authentication page on a website, this is referred to as a single channel delivery (all authentication information is presented and entered via the web browser). If the security string is delivered via an alternate communication method (for example, an SMS text message to a mobile device) and is then used to produce the token code that is entered via the web browser session, this method is referred to as multi-channel.

The following scenario provides an example of the single channel authentication process from a user perspective. In this example, the user’s PIN is 1234.

  1. The user is presented with the Outlook Web App logon page where he enters the DOMAIN\username and tabs into the Password textbox. The Swivel Secure PINsafe authentication server then generates a random string and presents the user with an image.

  2. The user enters their domain password, then determines which number corresponds to their PIN (1234); the result is the user’s one-time password.

  3. Based on the image, the user enters 3584 as their one-time password for the session and clicks Log On.

  4. When the credentials have been verified, the user is authenticated and has access to their mailbox using Outlook Web App.

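The extraction and verification step from the scenario above, as an added example (not code from the original page or from Swivel Secure). It assumes each PIN digit is a 1-based position in a 10-digit security string, with 0 meaning position 10; the string `3584120967` is constructed so that PIN 1234 yields the 3584 used above, and `Challenge` is a hypothetical helper.

```python
import hmac
import secrets


def new_security_string(length=10):
    """Random decimal security string, generated fresh for every logon attempt."""
    return "".join(secrets.choice("0123456789") for _ in range(length))


def extract_otc(pin, security_string):
    """Use each PIN digit as a position in the security string.

    Assumption (not stated on the page): positions are 1-based and
    PIN digit 0 selects position 10.
    """
    for value in (pin, security_string):
        if not (value.isascii() and value.isdigit()):
            raise ValueError("PIN and security string must be decimal digits")
    if len(security_string) < 10:
        raise ValueError("security string must cover positions 1-10")
    return "".join(security_string[(int(d) - 1) % 10] for d in pin)


class Challenge:
    """Server-side state for one logon attempt (hypothetical helper)."""

    def __init__(self, pin, security_string=None):
        self.security_string = security_string or new_security_string()
        self._expected = extract_otc(pin, self.security_string)
        self._used = False

    def verify(self, submitted_otc):
        # One attempt per security string: a captured or guessed code
        # cannot be retried against the same challenge.
        if self._used:
            return False
        self._used = True
        # Constant-time comparison avoids leaking how many digits matched.
        return hmac.compare_digest(self._expected.encode(), submitted_otc.encode())


if __name__ == "__main__":
    # Constructed security string, consistent with the scenario (PIN 1234 -> 3584).
    challenge = Challenge("1234", "3584120967")
    print(extract_otc("1234", challenge.security_string))
    print(challenge.verify("3584"), challenge.verify("3584"))
```

The PIN itself never crosses the wire; only the extracted digits do, and they change with every security string.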
 
© 2014 Microsoft