
RSA SecurID Software Token 4.1 Administrator’s Guide
3: Provisioning Software Tokens 41
3 Provisioning Software Tokens
This chapter provides the key steps for issuing software tokens in RSA Authentication
Manager and describes the supported methods for provisioning tokens to use with
RSA SecurID Software Token (the SecurID desktop application).
Prerequisites
Before provisioning tokens for use with the SecurID desktop application, you must:
• Understand how to issue software tokens in RSA Authentication Manager:
– To provision tokens using RSA Authentication Manager 7.1 or RSA SecurID
Appliance 3.0, use the RSA Security Console. For detailed instructions, see
the RSA Security Console Help.
– To provision tokens using RSA Authentication Manager 6.1, use the Database
Administration application. For detailed instructions, see the Database
Administration application Help.
– To configure RSA Credential Manager so that users can obtain tokens through
the RSA Self-Service Console, use the Security Console. For detailed
instructions, see the Security Console Help.
• Issue 128-bit (AES) tokens. The application does not support 64-bit (SID) tokens.
• Plan your authentication requirement, as described in the following section.
For supported token configurations, see “Supported Provisioning Servers
” on page 10.
Planning the RSA SecurID Authentication Requirement
RSA SecurID authentication normally requires using a PIN with the software token.
The PIN and the tokencode displayed on the device form a passcode, which serves as
the user’s one-time password (OTP). Entering a PIN in addition to the tokencode is
known as two-factor authentication. The two factors are something you have (the
token) and something you know (the PIN). Using two factors delivers a higher level of
authentication assurance than using a single factor.
RSA Authentication Manager also supports tokens that do not require entering a PIN.
If you issue this token type, the user authenticates with the currently displayed
tokencode (something you have). This option is best used when a system other than
RSA SecurID is responsible for managing the second factor (something you know),
such as an existing user name and password. In this scenario, the first factor (user
name/password) is validated by the external system and the second factor (tokencode)
is validated by Authentication Manager.
Komentáře k této Příručce