Enabling Native RSA SecurID Connections for Mobility Clients
Technical Note 2214
Last Reviewed 13-Dec-2006
Applies to:
Mobility XE version 7.0 and higher
Summary
As of version 7.0, Mobility XE supports native RSA SecurID authentication. RSA SecurID two-factor authentication is implemented through RSA Authentication Agent software installed on the Mobility server. In addition to selecting RSA SecurID in the Authentication—Protocol setting on the Server Settings page of the Mobility console, you must manually install the RSA Authentication Agent on all Mobility servers using RSA SecurID for user authentication. You will also need to modify the RSA Authentication Manager configuration to accept connections from the Mobility server for user authentication. No Mobility client configuration is required.
Note: Please refer to the Mobility XE 7.x System Administrator Guide for complete information about interoperability and configuration of Mobility XE and RSA SecurID, including information about compatibility with previous versions of Mobility XE clients and servers.
Authentication Using RSA SecurID
Note: For detailed instructions, including screenshots of the configuration screens, refer to the Mobility System Administrator Guide.
Authenticating Mobility users with RSA SecurID entails the following steps:
1. Add an Agent Host record to the RSA Authentication Manager database.
2. Install the RSA Authentication Agent on the Mobility server.
3. Verify connectivity by running the Test Authentication function of the RSA Authentication Agent.
4. Configure the Mobility server to use RSA SecurID for user authentication.
For general information about configuring the RSA Authentication Manager and installing the RSA Authentication Agent, see the RSA product documentation.
Adding an Agent Host record to RSA Authentication Manager
If the Mobility server is using the SecurID protocol to provide user credentials to the RSA Authentication Manager, you will need to configure the Authentication Manager to accept connections from the Mobility server for user authentication.
1. On the Start menu of the RSA Authentication Manager, open RSA Authentication Manager Host Mode. On the Agent Host menu, select List Agent Hosts.
2. Accept the defaults to list them to the screen. Confirm that the primary RSA Authentication Manager is in this list. If it is not, see "Adding Servers as Agent Hosts to the Primary Database" in the RSA Authentication Manager 6.0 Installation Guide. Click Exit.
3. On the Agent Host menu, select Add Agent Host.
4. In the Name box, enter the fully-qualified domain name of the Mobility server.
5. In the Network Address box, enter the Mobility server’s IP address.
6. In the Agent type list, select Net OS Agent.
   Note: Mobility XE does not support the Single-Transaction Comm Server agent type. Messages informing clients that they are in "Next Token Mode" or "New PIN Mode" are not transmitted to the NAS/Mobility server unless they are configured for Net OS Agent.
7. Select the Open to All Locally Known Users checkbox.
8. Click OK.
9. On the Agent Host menu, select Generate Configuration Files.
10. Select One Agent Host. Click OK.
11. Select your host name from the list. Click OK.
12. Save the resulting sdconf.rec file where it will be accessible to the Mobility server when you install the RSA Authentication Agent.
Installing the RSA Authentication Agent on the Mobility server
The RSA Authentication Agent software intercepts user requests for access to protected resources, and initiates an authentication session with the RSA Authentication Manager. You must manually install the Authentication Agent on all Mobility servers using RSA SecurID for user authentication.
In a pool of Mobility servers using RSA SecurID for user authentication, all servers in the pool must have the RSA Authentication Agent installed.
To install the RSA Authentication Agent:
1. Copy the configuration record from the RSA Authentication Manager to the Mobility server. The default location of the sdconf.rec file on the Authentication Manager is the C:\Program Files\RSA Security\RSA Authentication Manager\data folder. Copy this file to the C:\WINDOWS\System32 folder on the Mobility server.
2. Install the Authentication Agent as described in the RSA product documentation, with the following modification:
   - Select Custom install, and select "Local Authentication" only.
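The following script is an added example, not part of the original technical note or of NetMotion or RSA tooling. For each server in a Mobility pool it checks that the name and address entered in the Agent Host record agree with DNS, copies sdconf.rec to C:\WINDOWS\System32, and confirms by SHA-256 that the copy matches the source. It assumes PowerShell 4.0 or later and reachable administrative shares; the server names, IP addresses and staging path are constructed placeholders.

```powershell
# Added example: stage sdconf.rec on each Mobility server in a pool and check
# the values that were typed into the Agent Host record.
# ASSUMPTIONS: names, IPs and $Source are placeholders; \\server\C$ is reachable.

$Source = 'C:\Staging\sdconf.rec'   # hypothetical copy saved from the Authentication Manager
$Pool = @(
    @{ Fqdn = 'mobility1.example.com'; Ip = '192.0.2.10' },   # constructed sample values
    @{ Fqdn = 'mobility2.example.com'; Ip = '192.0.2.11' }
)

function Test-AgentHost {
    param([string]$Fqdn, [string]$Ip, [string]$SourcePath)

    $result = [ordered]@{ Server = $Fqdn; DnsMatchesRecord = $false; ConfigMatches = $false }

    # The Agent Host record pairs a name with a network address; confirm DNS agrees.
    try {
        $resolved = [System.Net.Dns]::GetHostAddresses($Fqdn) |
            ForEach-Object { $_.IPAddressToString }
        $result.DnsMatchesRecord = $resolved -contains $Ip
    } catch {
        Write-Warning "$Fqdn does not resolve: $($_.Exception.Message)"
    }

    # Copy the record into System32 on the Mobility server, then compare hashes
    # so a truncated or stale file is caught before the agent is installed.
    $dest = "\\$Fqdn\C$\WINDOWS\System32\sdconf.rec"
    try {
        Copy-Item -LiteralPath $SourcePath -Destination $dest -Force -ErrorAction Stop
        $srcHash = (Get-FileHash -LiteralPath $SourcePath -Algorithm SHA256).Hash
        $dstHash = (Get-FileHash -LiteralPath $dest -Algorithm SHA256).Hash
        $result.ConfigMatches = ($srcHash -eq $dstHash)
    } catch {
        Write-Warning "sdconf.rec not staged on ${Fqdn}: $($_.Exception.Message)"
    }
    [pscustomobject]$result
}

$report = foreach ($s in $Pool) {
    Test-AgentHost -Fqdn $s.Fqdn -Ip $s.Ip -SourcePath $Source
}
$report | Format-Table -AutoSize
if ($report | Where-Object { -not ($_.DnsMatchesRecord -and $_.ConfigMatches) }) {
    Write-Warning 'At least one pool server is not ready for the Test Authentication step.'
}
```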
Related Information
2177 | Setting Up Mobility Authentication
2150 | Enabling RSA SecurID Connections for RADIUS (Mobility version 6.x only)
9979 | NetMotion Mobility Technical Notes