Booches.nl

RSA AM 7.1SP3 Token Delivery

Using two-factor authentication is common when publishing remote services to the internet with components like Citrix NetScaler or Juniper SA appliances. RSA is a well-known provider of two-factor authentication mechanism.

Beginning with RSA Authentication Manager 7.1 people have the ability to use the On-Demand feature. This feature enables the delivery of token codes via SMS or e-mail. When using this feature you had to publish the RSA Self-Service website to the internet, so users can request a token code. The RSA Self-Service website is displayed below.

The procedure for opening a extra website to request an On-Demand token is difficult to understand for many people and increases the risk of problems and errors during the authentication process.

This behavior is changed in RSA AM 7.1SP3. With SP3 the Authentication Agent has possibility to generate the On-Demand token request on behalf of the user. The procedure to login to the Authenticaton Agent is:

1. 1. Browse to the portal website
2. 2. Enter your user credentials (username + password)
3. 3. Enter only the token PIN code
4. 4. The Authentication Agent generates the On-Demand token request and redirects the user to a website to enter the On-Demand token code
5. 5. The user waits for the delivery of the token via SMS or e-mail
6. 6. The user enters the On-Demand token code on the Authentication Agents website
7. 7. The Authentication Agent validates the token code and displays the web portal

This way the delivery of token codes is less prone to problems and errors during the authentication process. I personally like this new feature.

René Jorissen works as Solution Specialist for 4IP in the Netherlands. Network Infrastructures are the primary focus. René works with equipment of multiple vendors, like Cisco, HP Networking, Juniper Networks, RSA, PaloAlto Networks, Microsoft and many more. René is CCNA (Routing & Switching, Security), CCNP , Cisco ASA Specialist and CEFFS certified. You can follow René on Twitter and LinkedIn.

René Jorissen

View all posts by René Jorissen
Company website

Related Articles

• Restore RSA 7.1 primary database and RADIUS config
• RSA 7.1 with On-Demand
• ISA Server 2006 array – renew certificate
• User expiration with RSA AM 7.1
• eSafe Proxy with NTLM v2.0
• Redundant DMVPN network
• RSA 7.1 supported under ESX 3.5
• RSA LDAP query failed
• Cisco 877W wireless authentication failed
• Where is the Internet Authentication Service?