RSA SecurID authentication

This topic describes the use of RSA SecurID authentication.

The 

Authentication Server can authenticate users by means of RSA SecurID. If a user is registered in role-based access control (RBAC) system of , that user can authenticate by providing his or her user name and passcode, which consists of a PIN and the current token code displayed on an RSA SecurID Token. In some situations, the user might be prompted for a new PIN before authentication can occur. If the user enters a valid information, the Authentication Service issues session credentials to the user.

Configuring a 

system to support SecurID authentication requires configuration beyond the default setup of . Use the following procedures to configure RSA Authentication Manager and the Authentication Server:

RSA Authentication Manager does not allow third parties such as the 

Authentication Service to query the status of a user. When  needs to refresh session credentials for a user who authenticates with RSA SecurID, the  Authentication Service cannot query RSA Authentication Manager for the status of the user. It can only check status of the user in the RBAC database. If the user account has not been disabled or deleted in RBAC, the session credentials for that user are always refreshed.