RSA Ready Implementation Guide for. GlobalSCAPE EFT Server 7.3

Similar documents
RSA Ready Implementation Guide for

VMware Identity Manager vidm 2.7

Cyber Ark Software Ltd Sensitive Information Management Suite

Barracuda Networks NG Firewall 7.0.0

Caradigm Single Sign-On and Context Management RSA Ready Implementation Guide for. Caradigm Single Sign-On and Context Management 6.2.

Dell SonicWALL NSA 3600 vpn v

Citrix Systems, Inc. Web Interface

Cisco Systems, Inc. Aironet Access Point

SecureW2 Enterprise Client

RSA Ready Implementation Guide for. VMware vsphere Management Assistant 6.0

<Partner Name> RSA SECURID ACCESS Standard Agent Implementation Guide. WALLIX WAB Suite 5.0. <Partner Product>

Microsoft Forefront UAG 2010 SP1 DirectAccess

Avocent DSView 4.5. RSA SecurID Ready Implementation Guide. Partner Information. Last Modified: June 9, Product Information Partner Name

RSA Ready Implementation Guide for. Checkpoint Mobile VPN for ios v1.458

Attachmate Reflection for Secure IT 8.2 Server for Windows

Vanguard Integrity Professionals ez/token

Infosys Limited Finacle e-banking

Barracuda Networks SSL VPN

Cisco Systems, Inc. Wireless LAN Controller

<Partner Name> RSA SECURID ACCESS. VMware Horizon View Client 6.2. Standard Agent Implementation Guide. <Partner Product>

Pulse Secure Policy Secure

Cisco Systems, Inc. Catalyst Switches

SSH Communications Tectia 6.4.5

Security Access Manager 7.0

Rocket Software Strong Authentication Expert

RSA Ready Implementation Guide for. HelpSystems Safestone DetectIT Security Manager

HOB HOB RD VPN. RSA SecurID Ready Implementation Guide. Partner Information. Product Information Partner Name. Last Modified: March 3, 2014 HOB

RSA SecurID Ready Implementation Guide. Last Modified: March 27, Cisco Systems, Inc.

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. PingIdentity PingFederate 8

Microsoft Unified Access Gateway 2010

RSA SecurID Implementation

RSA SecurID Ready Implementation Guide. Last Modified: December 13, 2013

RSA SecurID Ready Implementation Guide. Last Modified: November 19, 2009

Cisco Systems, Inc. IOS Router

RSA SECURID ACCESS PAM Agent Implementation Guide

Open System Consultants Radiator RADIUS Server

Apple Computer, Inc. ios

RSA SecurID Ready Implementation Guide

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. Pulse Connect Secure 8.x

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. Cisco Adaptive Security Appliance 9.5(2)

RSA Ready Implementation Guide for

Barron McCann Technology X-Kryptor

<Partner Name> <Partner Product> RSA SECURID ACCESS. VMware Horizon View 7.2 Clients. Standard Agent Client Implementation Guide

<Partner Name> <Partner Product> RSA SECURID ACCESS. Pulse Secure Connect Secure 8.3. Standard Agent Client Implementation Guide

RSA SecurID Ready Implementation Guide

<Partner Name> <Partner Product> RSA SECURID ACCESS. NetMove SaAT Secure Starter. Standard Agent Client Implementation Guide

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. CyberArk Enterprise Password Vault

How to RSA SecureID with Clustered NATIVE

RSA SecurID Ready Implementation Guide

How to Integrate RSA SecurID with the Barracuda Web Application Firewall

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. Citrix NetScaler Gateway 12.0

How to Configure the RSA Authentication Manager

<Partner Name> RSA SECURID ACCESS Authenticator Implementation Guide. Intel Authenticate & Intel IPT based Token Provider for RSA SecurID

Fischer International Identity Fischer Identity Suite 4.2

Hitachi ID Systems Inc Identity Manager 8.2.6

RSA Ready Implementation Guide for

TalariaX sendquick Alert Plus

Pass4sure CASECURID01.70 Questions

RSA Exam 050-v71-CASECURID02 RSA SecurID Certified Administrator 7.1 Exam Version: 6.0 [ Total Questions: 140 ]

QUESTION: 1 An RSA SecurID tokencode is unique for each successful authentication because

050-v71x-CSESECURID RSA. RSA SecurID Certified Systems Engineer 7.1x

Secured by RSA Implementation Guide for Software Token Authenticators

SOFTEL Communications Password Reset and Identity Management Suite

RSA Ready Implementation Guide for

Vendor: RSA. Exam Code: CASECURID01. Exam Name: RSA SecurID Certified Administrator 8.0 Exam. Version: Demo

RSA SecurID Ready with Wireless LAN Controllers and Cisco Secure ACS Configuration Example

Advantage Cloud Two-Factor Security Process

McAfee Endpoint Encryption

<Partner Name> <Partner Product> RSA SECURID ACCESS Authenticator Implementation Guide. Intel Security Drive Encryption 7.1.3

SailPoint IdentityIQ 6.4

Technical Note: RSA SecurID /SA Integration

AT&T Global Smart Messaging Suite

Intel Security/McAfee Endpoint Encryption

Authentify SMS Gateway

SecuRemote for Windows 32-bit/64-bit

Integration Guide. LoginTC

<Partner Name> <Partner Product> RSA SECURID ACCESS Authenticator Implementation Guide. Check Point SmartEndpoint Security

Checkpoint SecureClient Integration

Symantec Encryption Desktop

Integration Guide. SafeNet Authentication Service (SAS)

Security Cooperation Information Portal

Data Structure Mapping

Data Structure Mapping

Xceedium Xsuite. Secured by RSA Implementation Guide for 3rd Party PKI Applications. Partner Information. Last Modified: February 10 th, 2014

Remote Access User Guide for Mac OS (Citrix Instructions)

RSA Two Factor Authentication. Feature Description

RSA Authentication Manager 7.1 Administrator s Guide

Data Structure Mapping

Instructions for Application Access via SecureCitrix

MyFloridaNet-2 (MFN-2) Customer Portal/Password Management Reference Guide

Remote Support Security Provider Integration: RADIUS Server

Authentication. August 17, 2018 Version 9.4. For the most recent version of this document, visit our documentation website.

Data Structure Mapping

Integration Guide. SafeNet Authentication Service. Strong Authentication for Citrix Web Interface 4.6

Data Structure Mapping

STRS OHIO F5 Access Client Setup for ChromeBook Systems User Guide

Deploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2

Manage Administrators and Admin Access Policies

Data Structure Mapping

Configuration Guide. SafeNet Authentication Service. SAS Agent for Microsoft NPS Technical Manual Template

Transcription:

RSA Ready Implementation Guide for GlobalSCAPE EFT Server 7.3 FAL, RSA Partner Engineering Last Modified: 5/19/2016

Solution Summary GlobalSCAPE Enhanced File Transfer (EFT) server can be configured to use RSA Authentication Manager as an authentication source. The EFT server passes user login information to and from the EFT user login page and the RSA Authentication Manager Server. When the RSA Authentication Manager server authenticates the user, the user is granted access to the EFT server resources. GlobalSCAPE EFT server can be configured to communicate with RSA Authentication Manager via native SecurID protocol or RADIUS protocol RSA Authentication Manager supported features <Partner Product Name and version> RSA SecurID Authentication via Native RSA SecurID UDP Protocol RSA SecurID Authentication via Native RSA SecurID TCP Protocol RSA SecurID Authentication via RADIUS Protocol RSA SecurID Authentication via IPv6 On-Demand Authentication via Native SecurID UDP Protocol On-Demand Authentication via Native SecurID TCP Protocol On-Demand Authentication via RADIUS Protocol Risk-Based Authentication RSA Authentication Manager Replica Support Secondary RADIUS Server Support RSA SecurID Software Token Automation RSA SecurID SD800 Token Automation RSA SecurID Protection of Administrative Interface Yes No Yes No Yes No Yes No Yes No No No No

Agent Host Configuration RSA Authentication Manager Configuration To facilitate communication between the EFT Server and the RSA Authentication Manager / RSA SecurID Appliance, an Agent Host record must be added to the RSA Authentication Manager database. The Agent Host record identifies the EFT Server and contains information about communication and encryption. RSA Authentication Manager 8.0 introduced a new TCP-based authentication protocol and corresponding agent API. RSA Authentication Manager 8.0 and newer also maintains support for the existing UDPbased authentication protocol and agents. The agent host records for TCP and UDP agents are configured similarly, but there are some important differences. Include the following information when configuring a UDP-based agent host record. Hostname IP addresses for network interfaces Important: The UDP-based authentication agent s hostname must resolve to the IP address specified. Include the following information when configuring a TCP-based agent host record. RSA agent name (in the hostname field) Important: The RSA agent name is specified in the rsa_api.properties file. Set the Agent Type to Standard Agent when adding the Authentication Agent. This setting is used by the RSA Authentication Manager to determine how communication with EFT Server will occur. If EFT Server will be communicating with RSA Authentication Manager via RADIUS, then a RADIUS client that corresponds to the agent host record must be created in the RSA Authentication Manager. RADIUS clients are managed using the RSA Security Console. The following information is required to create a RADIUS client: Hostname IP Addresses for network interfaces RADIUS Secret Important: The RADIUS client s hostname must resolve to the IP address specified. Please refer to the appropriate RSA documentation for additional information about creating, modifying and managing Authentication Agents and RADIUS clients.

Partner Product Configuration Before You Begin This section provides instructions for configuring the EFT Server with RSA SecurID Authentication. This document is not intended to suggest optimum installations or configurations. It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products in order to install the required components. All EFT Server components must be installed and working prior to the integration. Perform the necessary tests to confirm that this is true before proceeding. GlobalSCAPE EFT Server Configuration 1. Use the RSA Security Console to generate the sdconf.rec configuration file. Copy the file to a location on the EFT server (typically %windir%\system). 2. Log in to the EFT Server Administrator console and browse to your Server Group > Host > Site. 3. Copy the Sdconf.rec file to the c:\windows\system folder 4. Select Enable RSA SecurID support and click Configure.

5. Browse from the ETF GUI to the location of RSA Server configuration file and click OK. Important: In this step you are setting the path where RSA SecurID files will reside. Node secret and sdstatus.12 files will be generated at this location. If the Sdconf.rec file does not appear move it to a different folder. 6. Click Apply to apply your changes. 7. Click Yes to restart the site.

Browse to your Server Group > Host > Site > User Settings Templates. 8. Right click Default Settings and click New User. 9. Mark the Enable RSA SecurID checkbox, enter a Username and click Next to continue. Note: The new username must correspond to a username in the RSA Authentication Manager server s database.

10. Make appropriate changes and/or click Next to continue. 11. Make appropriate changes and/or click Finish to complete the wizard.

The GlobalSCAPE Enhanced File Transfer (EFT) server is now configured for RSA SecurID authentication via Native SecurID protocol. Configure GlobalSCAPE EFT server for RSA SecurID authentication via RADIUS protocol Note: This is optional and not the typical configuration. SecurID is the preferred typical integration. 1. Log in to the EFT Server Administrator console and browse to your Server Group > Host > Site. 2. Select Enable RADIUS support and click Configure. 3. Enter the RADIUS Authentication Settings and click OK.

etf 4. Click Apply to apply your changes. 5. Click Yes to restart the site. 6. Browse to your Server Group > Host > Site > User Settings Templates. 7. Right click Default Settings and click New User.

8. Mark the Enable RADIUS checkbox, enter a Username and click Next to continue. Note: The new username must correspond to a username in the RSA Authentication Manager server s database. 9. Make appropriate changes and/or click Next to continue.

10. Make appropriate changes and/or click Finish to complete the wizard. The GlobalSCAPE Enhanced File Transfer (EFT) server is now configured for RSA SecurID authentication via RADIUS protocol.

RSA SecurID Login Screens Point your browser to the host name or IP and log into the system Login screen: User-generated New PIN: System-generated New PIN: Next Tokencode:

<Partner Name> <Partner Product> Certification Checklist for RSA Authentication Manager Date Tested: May 10 2016 Certification Environment Product Name Version Information Operating System RSA Authentication Manager 8.1 Virtual Appliance RSA Authentication Agent 3.6 Windows Server 2008 R2 RSA Software Token RSA Remote Authentication Client GlobalSCAPE EFT Server 7.3 Windows Server 2008 R2 RSA SecurID Authentication Date Tested: <Month, Day, Year> Mandatory Functionality Native Native RADIUS UDP TCP Client New PIN Mode Force Authentication After New PIN System Generated PIN User Defined (4-8 Alphanumeric) User Defined (5-7 Numeric) Deny 4 and 8 Digit PIN Deny Alphanumeric PIN Deny PIN Reuse Passcode 16 Digit Passcode 4 Digit Fixed Passcode Next Tokencode Mode Next Tokencode Mode On-Demand Authentication On-Demand Authentication On-Demand New PIN Load Balancing / Reliability Testing Failover (3-10 Replicas) No RSA Authentication Manager = Pass = Fail = Non-Available Function FAL

GlobalSCAPE EFT Server 7.3 Certification Checklist for RSA Authentication Manager Software Token Automation Mandatory Functionality PINless Token Next Tokencode Mode PINpad-style Token Deny Alphabetic PIN Next Tokencode Mode Fob-style Token 16 Digit Passcode Alphanumeric PIN Next Tokencode Mode Other System Generated PIN Password Protected PIN Date Tested: <Month, Day, Year> Native Native RADIUS UDP TCP Client = Pass = Fail = Non-Available Function Appendix RSA SecurID Authentication Files RSA SecurID Authentication Files UDP Agent Files sdconf.rec sdopts.rec Node secret sdstatus.12 / jastatus.12 Location None stored, In Memory or path to sdconf.rec file Not implemented, Not tested or path to sdopts.rec file None stored, In Memory or path to node secret file None stored, In Memory or path to sdstatus.12 file TCP Agent Files rsa_api.properties sdconf.rec sdopts.rec Node secret Location In Memory or path to rsa_api.properties file None stored, In Memory or path to sdconf.rec file Not implemented, Not tested or path to sdopts.rec file None stored, In Memory or path to node secret file -- 15 -

GlobalSCAPE EFT Server 7.3 Partner Integration Details Partner Integration Details RSA SecurID UDP API RSA SecurID TCP API RSA Authentication Agent Type RSA SecurID User Specification Display RSA Server Info Perform Test Authentication Agent Tracing Version or Custom Build; API details below Version or Custom Build; API details below Standard Agent, Web Agent Designated Users, All Users, Default Method Yes or No Yes or No Yes or No -- 16 -

GlobalSCAPE EFT Server 7.3 API Details: The Sdconf.rec file is loaded into a user defined folder with C:/windows/system32 being the recommended folder. Node Secret: User defined sdconf.rec: User defined sdopts.rec: User defined sdstatus.12: User defined -- 17 -

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback