RSA Authentication Manager 7.1 Administrator's Guide
Total Page:16
File Type:pdf, Size:1020Kb
RSA Authentication Manager 7.1 Administrator’s Guide Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks RSA and the RSA logo are registered trademarks of RSA Security Inc. in the United States and/or other countries. For the most up-to-date listing of RSA trademarks, go to www.rsa.com/legal/trademarks_list.pdf. EMC is a registered trademark of EMC Corporation. All other goods and/or services mentioned are trademarks of their respective companies. License agreement This software and the associated documentation are proprietary and confidential to RSA, are furnished under license, and may be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person. No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability. This software is subject to change without notice and should not be construed as a commitment by RSA. Third-party licenses This product may include software developed by parties other than RSA. The text of the license agreements applicable to third-party software in this product may be viewed in the thirdpartylicenses.html files. Note on encryption technologies This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption technologies, and current use, import, and export regulations should be followed when using, importing or exporting this product. Distribution Limit distribution of this document to trusted personnel. RSA notice The RC5™ Block Encryption Algorithm With Data-Dependent Rotations is protected by U.S. Patent #5,724,428 and #5,835,600. © 2008-2009 RSA Security Inc. All rights reserved. April 2008 Revised: September 2009 RSA Authentication Manager 7.1 Administrator’s Guide Contents Preface................................................................................................................................. 13 About This Guide.............................................................................................................. 13 RSA Authentication Manager Documentation ................................................................. 13 Related Documentation..................................................................................................... 14 Getting Support and Service ............................................................................................. 14 Before You Call Customer Support........................................................................... 14 Chapter 1: Preparing RSA Authentication Manager for Administration................................................................................................................ 15 Logging On to the RSA Security Console........................................................................ 15 Logging On to the RSA Operations Console.................................................................... 16 Creating Your Organizational Hierarchy.......................................................................... 17 Creating Realms......................................................................................................... 17 Creating Security Domains........................................................................................ 18 Accessing Users from an LDAP Identity Source.............................................................. 21 Setting Up SSL for LDAP ......................................................................................... 23 Adding Custom Attributes to User Records .............................................................. 23 Re-Indexing your Directory for Improved Searches ................................................. 24 Adding an Identity Source in RSA Authentication Manager .................................... 25 Linking an Identity Source to a Realm ...................................................................... 28 Verifying the LDAP Identity Source......................................................................... 29 Editing Users in LDAP with the RSA Security Console........................................... 29 Identifying Orphaned LDAP Users ........................................................................... 29 Removing an Identity Source .................................................................................... 30 Adding Users to the Internal Database Using the RSA Security Console........................ 30 Migrating Users from an Existing RSA ACE/Server or RSA Authentication Manager Deployment.................................................................................................................... 31 Adding Administrators...................................................................................................... 32 Predefined Administrative Roles............................................................................... 33 Creating Administrative Roles................................................................................... 37 Assigning Administrative Roles ................................................................................ 42 Organizing Users for Administration................................................................................ 44 Protecting the RSA Security Console ............................................................................... 45 Chapter 2: Configuring Authentication Policies ....................................... 47 Setting Password Requirements........................................................................................ 47 Requiring Use of System-Generated Passwords ....................................................... 48 Requiring Periodic Password Changes...................................................................... 48 Restricting Reuse of Old Passwords.......................................................................... 49 Limiting Password Lengths ....................................................................................... 49 Using an Excluded Words Dictionary ....................................................................... 50 Setting Password Character Requirements................................................................ 50 Contents 3 RSA Authentication Manager 7.1 Administrator’s Guide Setting Token Usage Requirements.................................................................................. 51 Limiting the Number of Incorrect Passcodes Allowed.............................................. 52 Setting Tokencode Ranges for Event-Based Tokens................................................. 52 Requiring Periodic RSA SecurID PIN Changes........................................................ 53 Restricting Reuse of Old PINs................................................................................... 53 Limiting RSA SecurID PIN Length........................................................................... 54 Setting RSA SecurID PIN Character Requirements.................................................. 54 Requiring Periodic Fixed Passcode Changes............................................................. 54 Restricting Reuse of Old Fixed Passcodes ................................................................ 55 Limiting Fixed Passcode Length ............................................................................... 55 Setting Fixed Passcode Character Requirements....................................................... 56 Setting Emergency Access Code Formats................................................................. 56 Locking Users Out of the System ..................................................................................... 56 Locking Out Users After a Specified Number of Logon Attempts ........................... 57 Setting Offline Authentication Requirements................................................................... 58 Integrating Your Windows Password with RSA SecurID......................................... 60 Setting Minimum Online Passcode Lengths.............................................................. 60 Handling Offline Authentication with Devices that Do Not Meet Security Recommendations................................................................................................... 61 Setting Offline Emergency Codes ............................................................................. 61 Refreshing Users’ Supplies of Offline Authentication Data ..................................... 62 Setting Self-Service Troubleshooting Requirements........................................................ 62 Chapter 3: Protecting Network Resources with RSA SecurID......... 65 Overview of RSA SecurID Authentication....................................................................... 65 Installing Authentication Agent Software on the Resource You Want to Protect............ 66 Creating an RSA Agent Record Using the RSA Security Console .................................. 66 Allowing Agents to Automatically Add Authentication Agent Records .................. 67 Creating and Installing the RSA Authentication Manager Configuration File................. 70 Specifying Where Agents Send Authentication