Creating a User Account with SecurID Authentication

SecurID requires users to both possess a token authenticator and to supply a PIN or password. Token authenticators generate one-time passwords that are synchronized to an RSA Authentication Manager (AM) and may come in the form of hardware or software. Hardware tokens are key-ring or credit card-sized devices. Software tokens reside on the PC or device from which the user wants to authenticate. All tokens generate a random, one-time use access code that changes approximately every minute. When a user attempts to authenticate to a protected resource, the one-time use code must be validated by the AM.

The Security GatewayClosed Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. forwards authentication requests by remote users to the AM. The AM manages the database of RSA users and their assigned hard or soft tokens. The Security Gateway acts as an AM agent and directs all access requests to the AM for authentication. For more information on agent configuration, refer to RSA Authentication Manager documentation. There are no specific parameters required for the SecurID authentication method. Authentication requests can be sent over SDK-supported API or through REST API.

After you configure SecurID authentication, you can, in addition, configure authentication with a certificate file. The user can then authenticate to the Security Gateway with the SecurID or the certificate file.

To configure SecurID authentication for users: