RSA SecurID authentication

This topic describes the use of RSA SecurID authentication.

The BMC Server Automation Authentication Server can authenticate users through RSA SecurID. If a user is registered in the role-based access control (RBAC) system of BMC Server Automation, that user can authenticate by providing a user name and passcode. The user name and passcode consist of a PIN and the current token code displayed on an RSA SecurID token. In some situations, the user might be prompted for a new PIN before authentication can occur. If the user enters valid information, the Authentication Service issues session credentials to the user.

Use the following procedures to configure RSA Authentication Manager and the Authentication Server:

• Configuring the RSA Authentication Manager
• Configuring SecurID authentication

RSA Authentication Manager does not allow third parties, such as the BMC Server Automation Authentication Service, to query the status of a user. When BMC Decision Support for Server Automation needs to refresh session credentials for a user who authenticates with RSA SecurID, the BMC Server Automation Authentication Service cannot query RSA Authentication Manager for the status of the user. The Authentication Service can only check the status of the user in the RBAC database. If the user account has not been disabled or deleted in RBAC, the session credentials for that user are always refreshed.