How to protect a windows system with RSA SecurID 2FA, Part-2
Part-1:
Please read the first blog if you accidentally come to part 2.
4. Now we will import the software token to the AM. The same process goes for hardware token import.
Navigate to Authentication>SecurID Tokens>Import Tokens Job> Add New
Click on Choose File to import token seed.
Click on Submit Job.
This is the inside of a software token file.
As we can see that the tokens are imported and now ready to assign to the user.
5. Now navigate to Identity>Users>Manage Existing to assign the token to user.
Now select your database whether it is internal database or AD OU. Then click on Search.
Here we will assign the token to internal database user called testuser. Now click on the down arrow icon beside the testuser name.
Under SecurID Tokens, click on Assign More…
Select the any available token serial number and click on Assign.
Now you need to create a software token profile because at the time of distributing the token, a software token profile must be selected. This profile tells whether the token is for desktop or ios or android, how long the token will be displayed, what will be the token’s length, whether the token is PIN included or excluded etc.
So navigate to, Authentication>Software Token Profiles>Add New
We choose Device Type as Desktop PC 4.x instead of Android or iOS. This is because in lab environment mobile token activation or hardware token activation is not available. That’s why RSA provides two software for us. One is software token generation application that will generate token code for us after installing it on windows. And another software is testing software that will help us to test whether the authentication is valid or not. It will be cleared once I show it to you. Please be patient and continue your read.
Now navigate to Identity>Users>Manage Existing
Click on down arrow of testuser then click SecuID Tokens.
Now click on down arrow of the serial number and click on Distribute.
Choose the software token profile that you created some times ago.
Provide a password as this is required and mandatory.
Now download the token and take it to the winagent1 machine. Please note, for mobile token activation and hardware token, this creation of software token profile is not required.
Next steps will continue from part-3.
If you find this useful, please subscribe below.
LinkedIn:
https://www.linkedin.com/in/md-mahimbin-firoj-7b8a5a113/
YouTube:
