RSA SecurID Integration - Hitachi ID Password Manager
Users with RSA SecurID tokens can use Hitachi ID Password Manager to reset
or clear forgotten PINs, to resynchronize their token clock
with the RSA Authentication Manager, to enable or disable their token
and to get emergency access pass codes.
Organizations that have RSA SecurID tokens should allow users to
clear or reset their PINs, resynchronize token clocks with the
ACE server and enable/disable their own tokens. All of this
should be accessible in a self-service facility, with password
There is no security impact to the above -- PIN resets in particular
substitute one secret (a user's password) for another (the same
Support staff should be able to perform the same functions, after
a reliable caller authentication process. Some organizations may
also empower staff to issue emergency access numbers for users
who misplaced their token and need access to infrastructure protected
by token authentication.
Enabling self-service access to emergency pass codes reduces the
security of tokens from two-factor (hardware + PIN) to one-factor
(the password used to access self-service). This feature should
only be enabled if token security can be safely reduced to password