RSA Authentication Manager 7.1 Administrator's Guide - IT Services ...
RSA Authentication Manager 7.1 Administrator's Guide - IT Services ...
RSA Authentication Manager 7.1 Administrator's Guide - IT Services ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>RSA</strong> <strong>Authentication</strong> <strong>Manager</strong> <strong>7.1</strong> Administrator’s <strong>Guide</strong><br />
After choosing individual or multiple distribution, do the following:<br />
• E-mail the token file to the user.<br />
• Instruct the user to download the token file to his or her device.<br />
• Instruct the user to download the token application. The token application is<br />
installed on the device, and displays the tokencodes on the device screen. Token<br />
applications are available from the following URL:<br />
http://www.rsa.com/node.asp?id=1313.<br />
Installation instructions are included in the token application download kit.<br />
Distributing Software Tokens Using Remote Token-Key Generation<br />
(CT-KIP)<br />
Note: Before distributing the software token, make sure that you have imported the<br />
token records and assigned a CT-KIP-capable token to the user.<br />
When you assign a CT-KIP-capable software token to a user, you can optionally select<br />
to use remote token-key generation (CT-KIP) to deploy a token on user devices.<br />
CT-KIP is more secure than other delivery methods because it enables <strong>Authentication</strong><br />
<strong>Manager</strong> and the device that hosts the software token, such as a web browser, to<br />
simultaneously and securely generate the same token file on a device and the<br />
<strong>Authentication</strong> <strong>Manager</strong>.<br />
This allows you to put a token file on a user’s device without actually sending the<br />
token file through e-mail or putting it on external electronic media. This greatly<br />
decreases the chances that the token file will be intercepted by an unauthorized<br />
person.<br />
You need the following information when distributing software tokens using CT-KIP:<br />
Software Token Device Type. The type of device on which the token is being<br />
installed. An <strong>RSA</strong> SecurID Toolbar Token is an example of a software token<br />
device type. You have to select the device type and enter information for the<br />
device specific attributes.<br />
You can add additional software token types to <strong>Authentication</strong> <strong>Manager</strong>. For more<br />
information, see “Adding Additional Software Token Device Types to Your<br />
Deployment” on page 120.<br />
Device Nickname. The Device Nickname field allows a user to assign a<br />
user-friendly name to the software token. For example, a user might name<br />
software tokens “Office Token” or “Home Token” to differentiate between the<br />
tokens he or she uses at home and the office.<br />
Binding a Software Token to a Device. <strong>RSA</strong> software tokens include a<br />
predefined field named Device Serial Number. When you issue the software<br />
token to a user, you can enter the serial number of the device in this field, which<br />
binds the issued token to the specific device with the corresponding serial number.<br />
A token that is bound to a specific device cannot be installed on any other device.<br />
84 3: Protecting Network Resources with <strong>RSA</strong> SecurID