SIDFLIX SERIES:
ZERO TO HERO WITH SECURID
CONFIDENTIAL
MODERN MFA
RSA Auth Solutions
Internal Use - Confidential
REMEMBER THIS STUFF?
TOKEN PROFILES Best Practices:
• Use “Over the Air” Provisioning! CTKIP, blah blah…
• Typically requires the RSA Web Tier Software
OR
• The most secure way and automated method to distribute software tokens
• Provides Email or QR Code activation
• Needs profiles to specify distribution method, etc.
[Diagram: Machine Learning risk engine. Risk outcomes: Pass, Risky, Deny. Authenticators: HW Token, SW Token, FIDO, Proximity, Wearables. Labels: Risk, Security.]
[Diagram: Traditional OTP (Authentication Manager). Labels: HW Token (SID700, SID800, SID900); SW Token (iOS, Android, Windows, Mac OSX, Desktop, SDK); ODA/RBA; Agent / RADIUS / SDK; Cloud and On-Prem: VPN, PAM, WAM, VDI, Network Gateway, Legacy HTTP. "500+ certified integrations. Thousands more supported through open standards."]
[Diagram: Modern MFA (Cloud Authentication Service, Identity Router) alongside Traditional OTP (Authentication Manager). Modern MFA labels: Risk; Proximity, Mobile OTP, Wearables, Biometrics, SMS, Voice Call; SAML / WS-Fed / OIDC; PaaS, IaaS, Web, Mobile. Traditional OTP labels: HW Token (SID700, SID800, SID900); SW Token (iOS, Android, Windows, Mac OSX, Desktop, SDK); ODA/RBA; Agent / RADIUS / SDK. Cloud and On-Prem: VPN, PAM, WAM, VDI, Network Gateway, Legacy HTTP. "500+ certified integrations. Thousands more supported through open standards."]
Hemlata
Enterprise Connector
Identity Store
Enterprise Connector (Required)
• Synchronizes identities
• Sends passwords for validation
RADIUS Server (Optional)
• Responds to RADIUS requests
• Includes checklist attributes and return attributes
• For rapid prototyping or POC deployments, simply use the EC Mode and add the other features later
• Identity Router supports both single and dual NIC configurations. For the easiest path from zero to hero use the dual NIC configuration.
REQUIRED
REQUIRED
Username: idradmin
Password (shh!): s1mp13
Management IP address & gateway.
• Common trouble:
• Connectivity
• DNS Resolution
• SSH to the IDR (same idradmin account) and run wget against the Auth URL
• (SSH needs to be enabled in Diagnostics)
Blue is “new”
Green is “clean”
Policies:
• Control how and when users authenticate
• Optionally filter the users that the rule applies to
• Access can be subject to further conditions or rules based on attributes such as:
  • Geolocation
  • Trusted Networks
  • Country
  • Trusted Browser
  • Identity Confidence
  • High Risk User
• Policies can have a lot of rules, but simple is better
• Finally, the policy can make the user’s access subject to step-up authentication based on Assurance Levels!
Pay attention! Go to GOOGLE PLAY or Apple Store and get: RSA SecurID Authenticate
‘MY PAGE’ SELF-SERVICE APP ACTIVATION
• Automated: Administrator does nothing other than set up a relevant policy
• Is secured in many ways (e.g. IP Address, Group/Role, SMS, etc.)
• Customisable Logo
• Pre-deployed in the Cloud
Conditional Value
Emergency
• Country = Vietnam
+ Access Code
Ken
“Ken”
Step-up Challenge!
Step-Up (L/M/H)
‒ Token
‒ Biometric
‒ Push
IDR Events
Cloud Events (API)
Cloud-based events (e.g. Cloud IDP) must be obtained:
• Through RSA support
• API
An amazing resource:
• Community forums – ask questions!
• Better yet, ANSWER QUESTIONS too! Are you an expert?
• Encourage your customers to use
• Live Tech Support chat coming soon!