56.2 RSA Features Supported by Access Manager

Access Manager integrates with RSA Authentication Manager and provides the integration features described in Table 56-1.

Table 56-1 Access Manager Support for RSA Features

RSA Feature Access Manager Support

Authentication method

Native SecurID authentication

New PIN Mode (user-generated PINs)

Asks for new PIN with confirmation.

The token may be in New PIN mode the first time the user logs in or the Authentication Manager Administrator can enable New PIN mode. New PIN mode requires the user to complete a sequence of forms to define, or have the system generate, a new PIN number.

Oracle-Provided New PIN Forms and Functions:

  • System Generated PIN (not supported)

  • User Defined (4-8 Alpha/numeric characters)

  • User Defined (5-7 Numeric)

  • Deny 4 and 8 Digit PIN

  • Deny Alphanumeric PIN

  • Deny Numeric PIN

  • PIN Reuse

See Also: "SecurID New PIN Authentication".

Next Tokencode

During authentication, the Authentication Manager may direct the user to provide the next tokencode that appears on their SecurID token to prove that they have the assigned token. This operation is known as Next Tokencode mode, which can be triggered by one of the following situations:

See Also: "SecurID Next Tokencode Authentication"..

Passcode

  • 16 Digit Passcode

  • 4 Digit Fixed Passcode

Load Balancing

RSA Authentication Manager Replicas.

Secondary server support

Yes

SecurID user specification

Designated users

SecurID protection of Administrators

Yes

Access Manager features and functions

All

Access Manager does not support the RSA features in Table 56-2.

Table 56-2 RSA Features Not Supported

RSA Feature Not supported by Access Manager

RSA Authentication Manager 7.1 SP2

Is not supported in an Active Directory Forest multi-domain environment

Multiple ACE Realms

The RSA Authentication API uses an automatic response time load balancing algorithm to determine where to send an authentication request. Such requests go to either a primary RSA Authentication Manager or a replica. The automatic algorithm can be overridden by creating a manual load balancing configuration file, sdopts.rec. However manually weighting an RSA Authentication Manager as a server of last resort does not preclude the Agent from communicating with it. As such, a true failover setup cannot be achieved with this method. For more information, see your RSA Authentication Manager documentation

System Generated PINs

Not supported by Access Manager.

Failover

Not supported for OAM SecurID Servers because only one OAM SecurID Server can perform SecurID authentication.