Configuring the Symantec Endpoint Protection Manager to use RSA SecurID Authentication


Article ID: 151577


Products

Endpoint Protection

Issue/Introduction

How to configure RSA SecurID Authentication with SEPM

Symptoms
Symantec Endpoint Protection Manager: SecurID authentication configuration test fails


 

Resolution

Prerequisites for using RSA SecurID with the Symantec Endpoint Protection Manager

If you want to authenticate administrators that use the Symantec Endpoint Protection Manager with RSA SecurID, you need to enable encrypted authentication by running the RSA installation wizard. Before you run the wizard, make sure that:
 

  1. You have an RSA ACE server installed
  2. You are using a properly configured RSA Authentication Agent on the Symantec Endpoint Protection Manager to connect to the RSA server. Current RSA support in the Symantec Endpoint Protection Manager (12.1.6 MP4 and prior) is designed around RSA 5.x/6.x; an RSA 7.x Authentication Agent will not work.
    NOTE: RSA Agent 7.x and above are supported from Symantec Endpoint Protection Manager 12.1 RU6MP5.
  3. The computer on which you installed the Symantec Endpoint Protection Manager is registered as a valid host on the RSA ACE server
  4. The Node Secret file has been created for the same host
  5. The sdconf.rec file on the RSA ACE server is accessible on the network
  6. A synchronized SecurID card or key fob has been assigned to a Symantec Endpoint Protection Manager account. The logon name must be activated on the RSA ACE server
  7. The administrator has the RSA PIN or password available

Symantec supports the following types of RSA logons:

    • RSA SecurID token (not software RSA tokens)
    • RSA SecurID card
    • RSA keypad card (not RSA smart cards)


To log on to the Symantec Endpoint Protection Manager with RSA SecurID, the administrator needs a logon name, the token (hardware), and a PIN.

Configuring the Symantec Endpoint Protection Manager to use RSA SecurID Authentication

If your corporate network includes an RSA server, you need to install the software for an RSA ACE Agent on the computer on which you installed the Symantec Endpoint Protection Manager and configure it as a SecurID Authentication client. The Symantec Endpoint Protection Manager is also referred to as the management server.


Configuring RSA SecurID authentication on the Symantec Endpoint Protection Manager
 

  1. Install the software for the RSA ACE Agent on the same computer on which you installed the Symantec Endpoint Protection Manager. You can install the software by running the Windows msi file from the RSA Authentication Agent CD.
  2. Copy the nodesecret.rec, sdconf.rec, and agent_nsload.exe files from the RSA ACE server to the computer on which you installed the Symantec Endpoint Protection Manager.
  3. At the command prompt, type the following command:
       agent_nsload -f nodesecret.rec -p <password for the nodesecret file>
  4. In the management console, click Admin.
  5. In the Admin page, under Tasks, click Servers.
  6. In the Admin page, under View Servers, select the Symantec Endpoint Protection Manager to which you want to connect an RSA server.
  7. In the Admin page, under Tasks, click Configure SecurID authentication.
  8. In the Welcome to the Configure SecurID Authentication Wizard panel, click Next.
  9. In the Qualification panel of the Configure SecurID Authentication Wizard panel, read the prerequisites so that you can meet all the requirements.
  10. Click Next.
  11. In the Upload RSA File panel of the Configure SecurID Authentication Wizard panel, browse for the folder in which the sdconf.rec file resides. You can also type the path name.
  12. Click Next.
  13. Click Test to test your configuration.
  14. In the Test Configuration dialog box, type the user name and password for your SecurID, and then click Test to verify your configuration.
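
A pre-flight check for the files copied in step 2, run before agent_nsload in step 3. This is an added example, not part of the original article or of Symantec or RSA tooling. The staging folder C:\rsa-staging is a hypothetical path, and the choice of which groups count as too broad for the node secret file is an assumption.

```powershell
# Added example: checks the three files from step 2 before the node secret is loaded.
param(
    [string]$StagingDir = 'C:\rsa-staging'   # hypothetical path; pass your own folder
)

$required = 'nodesecret.rec', 'sdconf.rec', 'agent_nsload.exe'

# Well-known SIDs of broad groups (assumed here to be too broad for a node secret).
# SIDs are used instead of names so the check works on localized Windows builds.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

$ok = $true
foreach ($name in $required) {
    $item = Get-Item -LiteralPath (Join-Path $StagingDir $name) -ErrorAction SilentlyContinue
    if (-not $item -or $item.Length -eq 0) {
        Write-Warning "$name is missing or empty in $StagingDir"
        $ok = $false
        continue
    }
    Write-Output ("{0}: {1} bytes, modified {2}" -f $name, $item.Length, $item.LastWriteTime)
}

# The node secret is key material: warn if any broad group is allowed access to it.
$secret = Join-Path $StagingDir 'nodesecret.rec'
if (Test-Path -LiteralPath $secret) {
    $acl   = Get-Acl -LiteralPath $secret
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and $broadSids.ContainsKey($sid)) {
            Write-Warning ("nodesecret.rec is accessible to {0} ({1})" -f $broadSids[$sid], $rule.FileSystemRights)
            $ok = $false
        }
    }
}

# Informational only: the article does not state whether this binary is signed.
$loader = Join-Path $StagingDir 'agent_nsload.exe'
if (Test-Path -LiteralPath $loader) {
    $sig = Get-AuthenticodeSignature -LiteralPath $loader
    Write-Output ("agent_nsload.exe signature status: {0}" -f $sig.Status)
}

if ($ok) { Write-Output 'Pre-flight checks passed.' }
else     { Write-Output 'Pre-flight checks failed; see warnings above.' }
```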


Creating a SecurID authentication for a Symantec Endpoint Protection Manager administrator

You can specify that administrators must first be authenticated by SecurID before they can log into the management console.

1) In the management console, click Admin.
2) On the Admin page, under Tasks, select Administrators.
3) On the Administrators page, under Tasks, select Add Administrator.
4) In the Add Administrator dialog box, type the name of a user that you previously configured for the RSA ACE client.
5) Next to Authentication Type, click Change.
6) In the Administrator Authentication dialog box, select RSA SecurID Authentication, and then click OK.
7) In the Add Administrator dialog box, click OK.


