RSA Authentication Manager 8 - Amazon S3...RSA Authentication Manager 8.2 2 Over 25,000 customers 50...
Transcript of RSA Authentication Manager 8 - Amazon S3...RSA Authentication Manager 8.2 2 Over 25,000 customers 50...
RSA Authentication Manager 8.2
2
Over 25,000 customers
50 – 60 million active tokens in circulation
10 million units shipped per year
More than 50% market share
RSA Ready Partner Program: 400 Partners with
Native SecurID Integration
THE undisputed leader in multi-factor auth
• 2016 SC Magazine Awards: Best Authentication
• Reigning Leader, Gartner MQ
3
RSA Authentication Manager 8.2 Key Themes
Seamless
• RSA Via Access SecurID Agent Hub
Secure
• FIPS Inside Compliance
• PCI DSS Compliance
• IPv6 Phase I
Simple
• Provision Once SW Tokens
• Token Expiry Alert
• Dashboard Search Option
• Report Ready Notification
Scalable
• AMBA (Enterprise)
• New Identity Sources
4
Seamless
5
Via Access SecurID Agent Hub (need to purchase RSA Via Access)
SecurID / RSA Via Access
• Via Access Tokencodes for 2FA to
SecurID Agents
– No Change to SecurID Agent
Infrastructure
– Leverage RSA Ready Program
with over 400 Certified Integrations
– PIN or Fingerprint to unlock
Tokencode
• Simplifies Registration and
Provisioning Processes
ORG1
ORG2
HU
ND
RE
DS
OF
AP
PL
ICA
TIO
NS
ON
-PR
EM
AN
D IN
TH
E C
LO
UD
Access Manager
Cloud
On-Premises
SecurID Agents
6
Identity Router
Authentication Manager 8.2
SecurID Agent
Protected Resource
1 User opens Via Access app,
enters PIN or Biometric
Thumbprint to unlock the
Via Tokencode
2 User enters UserID &
Via Tokencode into
SecurID Agent
Username & Via
Tokencode are
passed to AM8.2
3
4 AM8.2 cannot locate
user locally so reaches
out to Trusted Realms
5 IDR locates user
Passes Via Tokencode
to Via Access
6 Via Access validates
Via Tokencode
Returns response
7 User Permitted
or
Denied Access
Via Access SecurID Agent HubHow it Works
Trusted
Realm
SecurID / RSA Via Access
4096 9913
7
Via Access User Experience
User ValidationPull Down the App
Simple End User Enrollment
Set Password
8
Device Registration
Via Access User ExperienceSimple End User Device Registration & Authentication
Multi Factor Auth Create PIN Fingerprint
9
Via Access SecurID Agent Hub Benefits
SecurID / RSA Via Access
Seamless Transition
No Change to Agents
Streamlined Registration & Provisioning Processes
Improves End User
Experience
Lowers Total Cost Of Ownership
10
Simple
11
Improved Software Token Provisioning
“Provision Once” Software Tokens
• Software Tokens provisioned in AM 8.2 expire on the Server side only
meaning software tokens do not need to be re-provisioned!
• Significantly lowers administrative time and overhead to manage and
provision software tokens
Authentication Manager 8.1
TOKEN
EXPIRED Authentication Manager 8.2
5716 8299
AM8.1 and earlier NEW!
12
Email (Admin) for imminent token expiry
Simplifying Administration
User Dashboard search option (User Alias)
Email (Admin) report job completion
Friday, June 17, 2016 5:03 PM.
Improved Search and Notifications
13
Customizable Display Banner
• Customized Logo & Text Displayed
Prior to Login
• User Must Accept Notification
Before Login to AM
• Available on All AM Consoles
– Security Console
– Operations Console
– Self Service
– SSH
Meets Organizations Best Practices
Unauthorized Access is prohibited. If you are authorized
to access this site, please click the Accept button below.
If you are not authorized, please exit this site.
14
Secure & Scalable
15
FIPS 140-2 Compliance Inside
• AM Cipher Suite upgraded to meet NIST/FIPS Compliance*
PCI Compliance
• SSLv3 removal and expanded TLS 1.2 support*
• Strict TLS Mode option
NIST SP 800-131A
• Core / Plumbing Certificates upgradeable to SHA-2
Security Updates
* Does not include Radius and Off-Line Authentication
16
Without AMBA
1. Log into Security Console
2. Add New User & Relevant Info
3. Assign Software token
4. Distribute Software token
• Select token profile
• Select provisioning & delivery options
5. Repeat steps 2 to 4, 99 times
6. …
100. Done
With AMBA*
1. Prepare AMBA Input .csv file with New
User Info & Options
2. Access AM Command Line
3. Invoke AMBA Utility• Run test & verify proper operation
• Execute command
4. Done
Authentication Manager Bulk Administration (AMBA)
Add 100 New Users, Assign & Distribute Software token
* Requires Enterprise License or standalone AMBA license
AMBA Pre-Packaged with Authentication Manager
17
• Appliance Operating System Upgrade
to SUSE 11 SP4
• Qualification of VMware ESXi 6.0
• Open LDAP as an Identity Source
• IPv6 RADIUS Clients
New Platform Support & Qualifications
18
Supported Migration Paths
AM 6.1
All OS Platforms
AM 7.1
All OS Platforms
RSA SecurID
Appliance 2.0
RSA SecurID
Appliance 3.0
AM 8.1 Release
AM 8.2 Release
AM 8.1 SP1
Hyper-V Appliance
AM 8.1 Hardware
Appliance
AM 8.1 VMware
Appliance
AM 8.2
Hyper-V Appliance
AM 8.1 SP1
Hardware /
VMware Appliance
AM 8.2 HW /
VMware Appliance
AM 6.1 EOPS: December, 2015
AM 7.1 EOPS: June, 2016
19
Streamlining Evaluations
• Auto Generates 25 SW Tokens
when 90-day Trial License is
Installed
– Eliminates time-consuming
distribution of Software Token
Media
• One-time Use Extension Code
extends trial by 90 Days
• Auto Deletes Eval License once
Production License is Installed
20
Thank You