Integration Guide › Integration with RSA SecurID › How To Integrate CA ControlMinder Enterprise Management with RSA SecurID

How To Integrate CA ControlMinder Enterprise Management with RSA SecurID

If your organization uses RSA SecurID to authenticate users, you can use the capabilities of RSA SecurID to authenticate users login to CA ControlMinder Enterprise Management. When you integrate the Enterprise Management Server with RSA SecurID, CA ControlMinder Enterprise Management does not authenticate users on login. CA ControlMinder Enterprise Management detects that users authentication is done by a third-party program.

The following process explains how to integrate CA ControlMinder Enterprise Management with RSA SecurID:

1. Prepare the Enterprise Management Server.
2. Install a supported web server:
   • Windows-Internet Information Server 7.0 with the Application Request Routing (ARR) module.
   • Linux-Apache 2.2.6 web server with the proxy module
3. Configure the Web server as a reverse proxy server.

   The web server acts as a reverse proxy server for all login authentication requests.

4. Configure RSA SecurID to block all network access to CA ControlMinder Enterprise Management except from the web server.

   RSA SecurID prevents users from accessing CA ControlMinder Enterprise Management directly.

5. Install the Enterprise Management Server components.
6. Define a user account in CA ControlMinder Enterprise Management for each RSA SecurID user that will log in to CA ControlMinder Enterprise Management.

   Define only those users that you want to grant access to CA ControlMinder Enterprise Management.

   Important! If you are using Active Directory you do not need to complete this step.

7. Install the RSA Authentication Agent on the following servers:
   • (Linux) Enterprise Management Server
   • The web server

   RSA Authentication Agent intercepts user access requests and forwards the requests to RSA Authentication Manager.

8. Configure the RSA web Agent to enable Single Sign On (SSO) to CA ControlMinder Enterprise Management.
9. Install the RSA Authentication Manager on a dedicated host.

   RSA Authentication Manager authenticates users access requests.

Each time a user tries to log in to CA ControlMinder Enterprise Management, RSA SecurID prompts the user for a valid RSA SecurID credentials instead of CA ControlMinder Enterprise Management user account details. If authenticated, RSA SecurID logs the user in to CA ControlMinder Enterprise Management.

Note: For more information about the RSA SecurID web Agent and Authentication Manager, refer to the RSA SecurID website.