In addition to managing existing tokens, Identity Manager connectors can
manage physical inventories of RSA SecurID tokens. They can provision
tokens to users, activate them on delivery, and instruct the person
designated as manager of a particular box of tokens to deliver a given
token, identified by serial number, to its designated new owner. They
can also deactivate, deprovision and return tokens to inventory.
Inventory Management in General
Identity Manager includes an inventory management capability, which
consists of:
- Definitions of object types (e.g., tokens, smart cards, building
access badges, computers, telephones, etc.).
- Definitions of locations where physical objects may be stored.
- Inventories of objects organized by type and location, where
each object is uniquely identified by serial number and assigned
a state and owner (e.g., available, enabled, disabled, assigned to
user, revoked, pending delivery, pending retrieval, etc.).
- Inventory managers, authorized to allocate specific types of
objects at specific locations.
- Implementers, responsible for physically delivering objects to
and collecting objects from users.
Identity Manager can import CSV files with data about large quantities of
objects, for example cases of new tokens or badges.
Identity Manager is designed to track objects through their lifetime,
from acquisition, through storage, activation, user allocation,
delivery to users, deactivation, recovery from users, etc. The
built-in Identity Manager workflow engine supports this entire lifecycle,
with front-ends for object request, authorization, automated or
manual allocation of a specific object, etc.
Identity Manager exposes plug-in points that allow Hitachi ID Systems
customers to automate activation and deactivation tasks, such as enabling
or disabling a telephone number, network port, building access badge or
token.
Identity Manager can be used to report on inventories of objects by type,
location or state. It can also be used to report on objects allocated
to users.
Identity Manager also exposes plug-in points where it can access inventory
data in an external system, such as an asset management application,
rather than managing inventory data internally. In some organizations,
high-value objects, such as computers or desks, may be tracked in
an asset management system, to support depreciation and insurance
calculations, while low-cost items, such as tokens or badges, will
be managed individually in Identity Manager, to support physical management
without the burden of financial modeling for each micro-asset.