Access Manager integrates with RSA Authentication Manager and provides the integration features described in Table 56-1.
Table 56-1 Access Manager Support for RSA Features
RSA Feature | Access Manager Support |
---|---|
Authentication method |
Native SecurID authentication |
New PIN Mode (user-generated PINs) |
Asks for new PIN with confirmation. The token may be in New PIN mode the first time the user logs in or the Authentication Manager Administrator can enable New PIN mode. New PIN mode requires the user to complete a sequence of forms to define, or have the system generate, a new PIN number. Oracle-Provided New PIN Forms and Functions:
See Also: "SecurID New PIN Authentication". |
Next Tokencode |
During authentication, the Authentication Manager may direct the user to provide the next tokencode that appears on their SecurID token to prove that they have the assigned token. This operation is known as Next Tokencode mode, which can be triggered by one of the following situations: See Also: "SecurID Next Tokencode Authentication".. |
Passcode |
|
Load Balancing |
RSA Authentication Manager Replicas. |
Secondary server support |
Yes |
SecurID user specification |
Designated users |
SecurID protection of Administrators |
Yes |
Access Manager features and functions |
All |
Access Manager does not support the RSA features in Table 56-2.
Table 56-2 RSA Features Not Supported
RSA Feature | Not supported by Access Manager |
---|---|
RSA Authentication Manager 7.1 SP2 |
Is not supported in an Active Directory Forest multi-domain environment |
Multiple ACE Realms |
The RSA Authentication API uses an automatic response time load balancing algorithm to determine where to send an authentication request. Such requests go to either a primary RSA Authentication Manager or a replica. The automatic algorithm can be overridden by creating a manual load balancing configuration file, sdopts.rec. However manually weighting an RSA Authentication Manager as a server of last resort does not preclude the Agent from communicating with it. As such, a true failover setup cannot be achieved with this method. For more information, see your RSA Authentication Manager documentation |
System Generated PINs |
Not supported by Access Manager. |
Failover |
Not supported for OAM SecurID Servers because only one OAM SecurID Server can perform SecurID authentication. |