KevinConway (Customer) asked a question.
We are looking at implementing Multi-Factor Authentication for our RSA Authentication Manager Interface. We are on version 8.7.1.1. We have it enabled in our RSA Test Environment and are looking to implement in our Production Environment. Our desire is to have users with the Help Desk Role to be forced to use MFA by using their LDAP Password and then the RSA SecurID (pin/passcode). However we would like the Super Admin Role based users to be able to just access via RSA Password. Looking in the Security Console under Settings --> Security Console Authentication Methods Console Authentication area, I'm not sure we can add 2 conditions or if we're just limited to one condition per environment. For example Can we have
(RSA_Password/LDAP_Password)+SecurID_Native
for our Service Desk Role Users AND another line
RSA_Password
for our Super Admins?
Once I enabled mfa for our LDAP users like the top option, it seems to have impacted our ability as Super Admins to use the native Super Admin Password. Is this option available and if so how can we configure and test?
Thanks,
Kevin C.
@KevinConway,
There is not an option to have different authentication methods for your service desk role users and your super admins when accessing the Security Console.
Please note that we recommend that your super admins be in the internal database and not in an external identity source. We make this recommendation because if your external identity source goes down, your super admins will not be able to login to the UI. You may want to consider this same recommendation for your service desk role users as well.
Hi,
Can we enable MFA for OS id ,"rsaadmin"