RSA SecurID Integration
P-Synch®, a component of Hitachi ID Management Suite®, is enterprise password management software. It reduces the frequency of help desk calls, improves user productivity and strengthens security with password synchronization, self-service password reset, help desk password reset and simplified administration of other authentication factors, such as hardware tokens and biometric samples. P-Synch includes connectors to manage passwords on over 70 types of systems.
Token Management
Users with RSA SecurID tokens can use P-Synch for PIN reset or to clear forgotten PINs, to resynchronize their token clock with the RSA Authentication Manager, to enable or disable their token, and to get emergency access pass-codes.
Organizations that have RSA SecurID tokens should allow users to clear or reset their PINs, resynchronize token clocks with the ACE server, and enable/disable their own tokens. All of this should be accessible in a self-service facility, with password authentication.
There is no security impact to the above -- PIN resets in particular substitute one secret (a user's password) for another (the same user's PIN).
Support analysts should be able to perform the same functions, after a reliable caller authentication process. Some organizations may also empower staff to issue emergency access numbers for users who misplaced their token and need access to infrastructure protected by token authentication.
Enabling self-service access to emergency pass codes reduces the security of tokens from two factor (hardware + PIN) to one factor (the password used to access self-service). This feature should only be enabled if token security can be safely reduced to password security.
Integration with RSA SecurID Servers
P-Synch can validate current RSA SecurID token pass-codes using either a RADIUS service or the RSA Authentication Manager agent, installed on the P-Synch server. Users can sign into P-Synch with this form of authentication, rather than passwords, Q-A (Question-and-Answer) profiles, etc.
P-Synch can manage RSA SecurID tokens, with operations such as clear PIN, PIN reset, enable or disable token, set or clear emergency access mode and clock synchronization. These operations are available both through self-service, over the web or IVR (interactive voice response), and to a help desk analyst.
SecurID token management depends on an administrative API (application programming interface), apidemon, which is only available locally on the RSA Authentication Manager. As a result, a local P-Synch agent is mandatory on the RSA Authentication Manager. This agent is available for Win32, Solaris and HP-UX.







