Making RSA Authentication Manager 8.1 Self-Service Console Accessible For External Users
Originally Published: 2016-05-23
Article Number
Applies To
| RSA Product Set: SecurID RSA Product/Service Type: Authentication Manager RSA Version/Condition: 8.x |
Resolution
Self-Service - Allows end users to basic troubleshooting and token maintenance tasks.
Some of this includes, changing PIN, requesting replacement tokens, performing a token resynchronization, seeking emergency access and so on.
Provisioning - Allows users to request for RSA SecurID tokens (hard or soft) based on their requirement. The system then automates the workflow, which once approved by the Administrator, offers the token to the users.
The Self-Service console (SSC) can be made available to external users (users from outside the internal network), by using a Lightweight Application Server called The Web Tier.
The Web Tier application hosts several Authentication Manager services securely in the network DMZ, thus offering the following benefit:
- All external traffic is bound to pass through the web tier thus protecting the internal network from any unfiltered internet (external) traffic.
- The Authentication Managers are safely isolated and protected inside a firewall in the private network.
Making the self service console accessible for external users is a two-fold process:
- Configuring Web Tier
- Exposing the Self Service Console
- A web tier can be deployed in the DMZ or inside the firewall.
- Configuring a Web Tier requires to first configure a Virtual Host.
- The Virtual Hostname must be configured on the RSA Authentication Manager as follows:
- Primary AM 8.1 Server Operations Console > Deployment Configuration > Virtual Host & Load Balancing
- Select “Configure a virtual host and load balancers “
- Enter the “Virtual Hostname”
- Ensure the Port Number is 443.
- Click “Save”
- The Web Tier can then be configured as follows:
- Primary AM 8.1 Server Operations Console > Deployment Configuration > Web-Tier Deployments > Add New
- Provide the appropriate details.
- Select “Save & Generate Web-Tier Package”
- Once the Web Tier is configured successfully, next would be to expose the SSC to external users for access.
- External Users can access the SSC using the following URL:
