A
PPENDIX
F:
T
WO
-F
ACTOR
A
UTHENTICATION
235
Appendix F: Two-Factor Authentication
As part of CC-SG RADIUS based remote authentication, CC-SG can be configured to point to a
RSA RADIUS Server which supports two-factor authentication via an associated RSA
Authentication Manager. CC-SG acts as a RADIUS client and sends user authentication requests
to RSA RADIUS Server. The authentication request includes user id, a fixed password, and a
dynamic token code.
Supported Environments
The following RSA Two-Factor Authentication components are known to work with CC-SG.
•
RSA RADIUS Server 6.1 on Windows Server 2003
•
RSA Authentication Manager 6.1 on Windows Server 2003
•
RSA Secure ID SID700 hardware token.
Earlier RSA product versions should also work with CC-SG, but they have not been verified.
Setup Requirements
Proper configuration of an RSA RADIUS Server and RSA Authentication manager is beyond the
scope of this guide. Please consult the RSA documentation for additional information.
Note, however, that the following procedures must be completed:
1.
Import Tokens
2.
Create a CC-SG user and assign a token to the user.
3.
Generate a user password.
4.
Create an Agent Host for the RADIUS server.
5.
Create an Agent Host (type: Communication Server) for CC-SG.
6.
Create a RADIUS CC-SG client.
Known Issues
The RSA RADIUS “New PIN” mode that requires a challenge password/PIN will not work.
Instead, all users in this scheme must be assigned fixed passwords.
Summary of Contents for CC-SG
Page 2: ...This page intentionally left blank...
Page 26: ...12 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE This page intentionally left blank...
Page 46: ...32 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE This page intentionally left blank...
Page 158: ...144 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE This page intentionally left blank...
Page 228: ...214 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE This page intentionally left blank...
Page 236: ......
Page 246: ...232 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE...
Page 248: ...234 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE...
Page 250: ...236 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE...
Page 256: ...242 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE...