RSA SecurID Authentication

RSA SecurID is a two-factor authentication solution from RSA Security, Inc. that is based on hardware or software tokens. We recommend that you review the Authentication Manager documentation before using SecurID.

Reflection for Secure IT supports RSA SecurID authentication using the Secure Shell keyboard-interactive protocol.

Requirements

You must have a correctly configured RSA SecurID environment. Note: Micro Focus does not provide the following components.

Required Item: Function

RSA Authentication Manager: Verifies authentication requests and centrally manages authentication policies.

RSA Authentication Agent: Intercepts authentication requests and directs them to the Authentication Manager for authentication.

NOTE: The RSA Authentication Agent for Windows or the RSA Authentication Manager must be running on the same computer as the Reflection for Secure IT server.

Hardware Token: A hardware device, such as a key fob or smart card, that generates a one-time authentication code.

How it works

The Reflection for Secure IT server acts as a SecurID client in order to authenticate a user.

  1. The Reflection for Secure IT server receives a keyboard-interactive authentication request from a client.

  2. If SecurID authentication is enabled, the Reflection for Secure IT server passes the user name to the RSA SecurID Agent.

  3. The RSA SecurID Agent returns a text prompt, which is sent to the client.

  4. The client user responds to the prompt.

  5. The Reflection for Secure IT server forwards this response to the RSA SecurID Agent, which may return another prompt. This continues until the RSA SecurID Agent indicates that authentication is complete.

  6. If the RSA SecurID Agent indicates that authentication is successful, the client connection is allowed and the Reflection for Secure IT server provides user access based on the current server configuration. If the RSA SecurID Agent indicates that authentication failed, the client connection is not allowed.

NOTE: Authentication fails if a user is able to authenticate to the RSA SecurID Authentication Manager server, but no account exists for that user on the local computer, in the Windows domain, or in the Reflection Gateway Administrator. (The last option applies only if you are running Reflection for Secure IT Gateway and have enabled Reflection Gateway Users.)
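
The relay loop in steps 2 through 6 and the account check from the note above can be modeled as follows. This is an added example, not Reflection for Secure IT or RSA code: StubAgent, authenticate, scripted_client, the prompt text, the status strings and the MAX_ROUNDS cap are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

MAX_ROUNDS = 5  # assumption: cap on prompt rounds; not a documented product setting


@dataclass
class StubAgent:
    """Hypothetical stand-in for the RSA SecurID Agent; all data is constructed."""
    expected: dict                                # user -> responses the agent wants, in order
    step: dict = field(default_factory=dict)

    def start(self, user):
        self.step[user] = 0
        return "prompt", "Enter PASSCODE: "       # constructed prompt text

    def respond(self, user, answer):
        wanted = self.expected.get(user, [])
        i = self.step[user]
        if i >= len(wanted) or answer != wanted[i]:
            return "failed", None
        self.step[user] = i + 1
        if i + 1 == len(wanted):
            return "success", None
        return "prompt", "Enter next tokencode: "


def authenticate(user, agent, ask_client, known_accounts):
    """Server side of steps 2-6, followed by the account check from the NOTE."""
    status, prompt = agent.start(user)            # step 2: pass the user name to the agent
    rounds = 0
    while status == "prompt":
        if rounds == MAX_ROUNDS:
            return False, "too-many-rounds"
        answer = ask_client(prompt)               # steps 3-4: relay prompt, collect response
        status, prompt = agent.respond(user, answer)  # step 5: forward the response
        rounds += 1
    if status != "success":
        return False, "agent-rejected"            # step 6: connection not allowed
    if user not in known_accounts:
        return False, "no-local-account"          # NOTE: SecurID passed, no account
    return True, "ok"


def scripted_client(answers):
    """Constructed client that answers each prompt from a fixed list."""
    replies = iter(answers)
    return lambda prompt: next(replies, "")
```

The "no-local-account" result is the case to watch for when troubleshooting: the Authentication Manager records a successful authentication while the Secure Shell connection is still refused.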