Hitachi ID Password Manager RSA SecurID integration

Hitachi ID Password Manager (formerly P-Synch), a component of the Hitachi ID Management Suite, actually supports more than just passwords -- it is, in reality, a platform for managing authentication factors and encryption keys. Password Manager is used by many organizations to reduce the volume of IT support calls relating to passwords and PINs, to improve user productivity by eliminating login problems and to strengthen the security of passwords and of user support processes. Password Manager includes built-in connectors to manage passwords on over 100 kinds of systems and applications.

Token Management

Users with RSA SecurID tokens can use Password Manager for PIN reset or to clear forgotten PINs, to resynchronize their token clock with the RSA Authentication Manager, to enable or disable their token and to get emergency access pass-codes.

Organizations that have RSA SecurID tokens should allow users to clear or reset their PINs, resynchronize token clocks with the ACE server and enable/disable their own tokens. All of this should be accessible in a self-service facility, with password authentication.

There is no security impact to the above -- PIN resets in particular substitute one secret (a user's password) for another (the same user's PIN).

Support analysts should be able to perform the same functions, after a reliable caller authentication process. Some organizations may also empower staff to issue emergency access numbers for users who misplaced their token and need access to infrastructure protected by token authentication.

Enabling self-service access to emergency pass codes reduces the security of tokens from two factor (hardware + PIN) to one factor (the password used to access self-service). This feature should only be enabled if token security can be safely reduced to password security.

RSA SecurID Integration

Password Manager can validate current token pass-codes using either a RADIUS service or using the RSA Authentication Manager connector, installed on the Password Manager server. Users can sign into Password Manager with this form of authentication, rather than passwords, security questions, etc.

Password Manager can manage RSA SecurID tokens, with operations such as clear PIN, PIN reset, enable or disable token, set or clear emergency access mode and clock synchronization. These operations are available both to users through self-service (web or IVR) and to a help desk analyst.

SecurID token management depends on an administrative API (apidemon) which is only available locally on the RSA Authentication Manager. As a result, a local Password Manager connector is mandatory on the RSA Authentication Manager. This connector is available for Windows, Solaris and HP-UX.
