SA/RSA SecurID® integration
RSA SecurID® is a two-factor authentication system from RSA Security, Inc. (a division of EMC). Two-factor authentication is based on the concept of something you know (a password or PIN) and something you have (an authenticator) and provides stronger user authentication than passwords. This section describes how to take advantage of SecurID authentication in your SA system; however, it does not explain how to install, configure, or maintain RSA SecurID.
For detailed information about RSA SecurID, see http://www.rsa.com.
This section describes how SA authentication integrates with RSA SecurID. It assumes that you are already using RSA SecurID or will install it. An RSA SecurID server (RSA Authentication Manager or ACE Server) must be installed and fully configured before you can begin using SecurID authentication with SA.
- Overview
- SecurID/SA integration platform requirements
- SA Support for SecurID authentication methods
- Restrictions
Overview
SA users are required to authenticate to SA to perform any operations. SecurID integration allows them to use their existing RSA SecurID tokens for authentication. SA authentication can be seamlessly integrated into your existing SecurID environment. As far as the RSA authentication server is concerned, SA (more specifically, the Web Services Data Access Engine server) is just another SecurID agent.
SecurID support is automatic with the installation of an SA Core. Only a few configuration steps are required to enable it:
- Copying an RSA SecurID configuration file named sdconf.rec into a directory on any SA Core servers that host the Web Services Data Access Engine (twist). sdconf.rec is located on the RSA Authentication Manager/ACE Server host and contains required information about the RSA Authentication Manager that must be available to the SA Core.
- Shutting down the Web Services Data Access Engine and restarting after editing the loginModule.conf file to enable SecurID authentication in SA.
- Creating or modifying users in the SA Client to use SecurID authentication.
The first two tasks must be performed on every Web Services Data Access Engine host in your Multimaster Mesh or in SA installations with multiple Web Services Data Access Engines.
SecurID/SA integration platform requirements
- Solaris
- Linux x86 and x86_64
- RSA ACE Server 6.1 or above.
SA Support for SecurID authentication methods
RSA SecurID is based on two-factor authentication, with the SecurID token as the first factor and the Personal Identification Number (PIN) as the second factor.
The SecurID token is the something you have and the PIN is the something you know. These two factors offer stronger authentication than a user password alone.
SecurID tokens can be either hardware-based (hardware token or hard token) or software-based (software token or soft token). The tokens provide a token code which, when combined with a pre-assigned (provisioned) PIN, is called a passcode.
The following table shows typical authentication methods that are supported by SA/SecurID integration.
| Authentication method | Description | 
|---|---|
| Normal Authentication | The most used method. The user's PIN is assigned (provisioned). The passcode is either accepted or rejected. | 
| Next Tokencode Mode (not supported) | This method is used when a user does not enter the passcode correctly. In Next Tokencode Mode, the user must wait for the tokencode to change, and then submit the new tokencode. By default, a user will be put into the Next Tokencode Mode if the incorrect passcode for that user has been submitted three times consecutively. | 
| New PIN Mode (not supported) | This scenario occurs when the user must create a new PIN or modify an existing PIN. | 
Restrictions
RSA SecurID authentication is not an appropriate method for non-interactive scripts, because the token code changes every 60 seconds and therefore will cause non-interactive scripts to fail. Your options are to rewrite the scripts to be interactive, or avoid using SecurID where such scripts would be affected.
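The following simulation is an added example, not SA or RSA code. It models why a script that stores one passcode fails once the 60-second window passes, and how three consecutive rejections put the user into Next Tokencode Mode, which SA does not support. The tokencode function is an HMAC-based stand-in (RSA's algorithm is not reproduced), and the seed, PIN, class and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60          # tokencode lifetime stated on this page
NEXT_TOKENCODE_AFTER = 3   # default consecutive-failure threshold stated on this page


def tokencode(seed: bytes, now: int) -> str:
    """Stand-in tokencode: HMAC-SHA256 over the 60-second time step (not RSA's algorithm)."""
    counter = struct.pack(">Q", now // STEP_SECONDS)
    digest = hmac.new(seed, counter, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"


class ToyAuthServer:
    """Toy model of the authentication server for one user.

    It covers only tokencode expiry and the consecutive-failure counter.
    """

    def __init__(self, seed: bytes, pin: str):
        self.seed, self.pin = seed, pin
        self.failures = 0
        self.next_tokencode_mode = False

    def check(self, passcode: str, now: int) -> str:
        if self.next_tokencode_mode:
            # The server now expects a follow-up tokencode; SA cannot supply one.
            return "next-tokencode-required"
        expected = self.pin + tokencode(self.seed, now)  # passcode = PIN + tokencode
        if hmac.compare_digest(passcode.encode(), expected.encode()):
            self.failures = 0
            return "accepted"
        self.failures += 1
        if self.failures >= NEXT_TOKENCODE_AFTER:
            self.next_tokencode_mode = True
        return "rejected"


def replay_stored_passcode(attempt_times):
    """Simulate a non-interactive script that captures one passcode and reuses it."""
    seed, pin = b"constructed-demo-seed", "4821"      # constructed sample values
    server = ToyAuthServer(seed, pin)
    stored = pin + tokencode(seed, attempt_times[0])  # captured once, then hard-coded
    return [server.check(stored, t) for t in attempt_times]
```

A scheduled job that retries with a stale passcode therefore does more than fail: after the third attempt the account sits in a mode that cannot be completed through SA.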