Using two-factor authentication is common when publishing remote services to the internet with components like Citrix NetScaler or Juniper SA appliances. RSA is a well-known provider of two-factor authentication mechanisms.
Beginning with RSA Authentication Manager 7.1, people have the ability to use the On-Demand feature. This feature enables the delivery of token codes via SMS or e-mail. When using this feature you had to publish the RSA Self-Service website to the internet, so that users could request a token code. The RSA Self-Service website is displayed below.
The procedure of opening an extra website to request an On-Demand token is difficult to understand for many people and increases the risk of problems and errors during the authentication process.
This behavior is changed in RSA AM 7.1SP3. With SP3 the Authentication Agent can generate the On-Demand token request on behalf of the user. The procedure to log in to the Authentication Agent is:
1. Browse to the portal website
2. Enter your user credentials (username + password)
3. Enter only the token PIN code
4. The Authentication Agent generates the On-Demand token request and redirects the user to a website to enter the On-Demand token code
5. The user waits for the delivery of the token via SMS or e-mail
6. The user enters the On-Demand token code on the Authentication Agent's website
7. The Authentication Agent validates the token code and displays the web portal
This way the delivery of token codes is less prone to problems and errors during the authentication process. I personally like this new feature.
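The login steps above, modelled as an added example (this is not RSA's code or API, and not from the original post): the agent checks the credentials and PIN, requests a code on the user's behalf, and later validates it. The class name `OnDemandAgent`, the 8-digit code, the 300-second lifetime, the three-guess limit and the sample user table are all assumptions made for illustration.

```python
import hmac
import secrets
import time

CODE_TTL = 300   # assumed code lifetime in seconds
MAX_TRIES = 3    # assumed number of wrong guesses allowed per code


def _same(a, b):
    """Compare two strings in constant time."""
    return hmac.compare_digest(a.encode(), b.encode())


class OnDemandAgent:
    """Hypothetical model of the agent-side flow, steps 2 to 7."""

    def __init__(self, users, deliver, clock=time.monotonic):
        self.users = users        # constructed sample data: name -> (password, pin)
        self.deliver = deliver    # stand-in for the SMS or e-mail channel
        self.clock = clock
        self.pending = {}         # name -> [code, expiry, tries_left]

    def login(self, name, password, pin):
        """Steps 2-5: verify credentials and PIN, then request and send a code."""
        stored_pw, stored_pin = self.users.get(name, ("", ""))
        known = name in self.users
        if not (known & _same(password, stored_pw) & _same(pin, stored_pin)):
            return False
        code = f"{secrets.randbelow(10**8):08d}"   # assumed 8-digit code
        self.pending[name] = [code, self.clock() + CODE_TTL, MAX_TRIES]
        self.deliver(name, code)
        return True

    def verify(self, name, code):
        """Steps 6-7: accept a code once, before expiry, within the guess limit."""
        entry = self.pending.get(name)
        if entry is None:
            return False
        expected, expiry, tries = entry
        if self.clock() > expiry or tries <= 0:
            del self.pending[name]          # expired or locked out
            return False
        if _same(code, expected):
            del self.pending[name]          # single use
            return True
        entry[2] = tries - 1
        return False
```

Because the agent issues the request itself, a code only ever exists for a session that has already passed the password and PIN checks.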