379
CC-SG can be configured to point to an RSA RADIUS Server that
supports two-factor authentication via an associated RSA Authentication
Manager. CC-SG acts as a RADIUS client and sends user authentication
requests to RSA RADIUS Server. The authentication request includes
user id, a fixed password, and a dynamic token code.
In This Chapter
Supported Environments for Two-Factor Authentication ...................... 379
Two-Factor Authentication Setup Requirements .................................. 379
Two-Factor Authentication Known Issues ............................................. 379
Supported Environments for Two-Factor Authentication
The following two-factor authentication components are known to work
with CC-SG.
RSA RADIUS Server 6.1 on Windows Server 2003
RSA Authentication Manager 6.1 on Windows Server 2003
RSA Secure ID SID700 hardware token
Earlier RSA product versions should also work with CC-SG, but they
have not been verified.
Two-Factor Authentication Setup Requirements
The following tasks must be completed for two-factor authentication
setup. Consult the RSA documentation.
1. Import tokens.
2. Create a CC-SG user and assign a token to the user.
3. Generate a user password.
4. Create an agent host for the RADIUS server.
5. Create an agent host (type: Communication Server) for CC-SG.
6. Create a RADIUS CC-SG client.
Two-Factor Authentication Known Issues
The RSA RADIUS “New PIN” mode that requires a challenge
password/PIN will not work. Instead, all users in this scheme must be
assigned fixed passwords.
Appendix H
Two-Factor Authentication