Appendix f: two-factor authentication, Supported environments, Setup requirements – Raritan Computer CC-SG User Manual

A

PPENDIX

F:

T

WO

-F

ACTOR

A

UTHENTICATION

235

Appendix F: Two-Factor Authentication

As part of CC-SG RADIUS based remote authentication, CC-SG can be configured to point to a
RSA RADIUS Server which supports two-factor authentication via an associated RSA
Authentication Manager. CC-SG acts as a RADIUS client and sends user authentication requests
to RSA RADIUS Server. The authentication request includes user id, a fixed password, and a
dynamic token code.

Supported Environments

The following RSA Two-Factor Authentication components are known to work with CC-SG.
• RSA RADIUS Server 6.1 on Windows Server 2003
• RSA Authentication Manager 6.1 on Windows Server 2003
• RSA Secure ID SID700 hardware token.
Earlier RSA product versions should also work with CC-SG, but they have not been verified.

Setup Requirements

Proper configuration of an RSA RADIUS Server and RSA Authentication manager is beyond the
scope of this guide. Please consult the RSA documentation for additional information.

Note, however, that the following procedures must be completed:

1. Import Tokens

2. Create a CC-SG user and assign a token to the user.

3. Generate a user password.

4. Create an Agent Host for the RADIUS server.

5. Create an Agent Host (type: Communication Server) for CC-SG.

6. Create a RADIUS CC-SG client.

Known Issues

The RSA RADIUS “New PIN” mode that requires a challenge password/PIN will not work.
Instead, all users in this scheme must be assigned fixed passwords.