Setting Up RSA SecurID
(Versions 7.4+)
Password Server supports authenticating using RSA SecurID as a Two-Factor Provider.
Currently this workflow can be configured using the same steps and same page as the RADIUS Provider.
Password Server Configuration
In Password Server itself, the configuration is simple.
- Go to Users and Roles -> Manage Policies -> Click the name of the User Policy that contains the users you want to authenticate with RSA SecurID.
- In the Two Factor Policy section -> Click [Configure] by the RADIUS Provider.
- Using the details required by RSA SecurID, fill in the fields:
  - Set Enabled to True
  - Set "User Can Self-Enroll in this Provider"
  - Server Address
  - Server Port
  - Select an Authentication Protocol that is enabled for RSA SecurID
    - Try PAP first, for testing purposes.
    - See: available protocols
  - Shared Secret
- Click Save.
Attach and Enroll Users
Additional Users can be attached to this policy by either:
- Setting a Role policy: from Policies -> Set the Role Policy or Edit -> Set Policy
- Setting a User's policy: From Manage Users -> Click User name -> Edit -> Change policy
- Setting it as the Users' default Policy: From Policies -> Edit -> Global Settings -> Set the Default Policy
Disabled: Users attached to the policy will show as disabled until they are enabled, enrolled, or self-enrolled.
Enabling 2FA for a User
Two-Factor Authentication can also be enabled individually for all users you would like to authenticate using RSA SecurID tokens:
- Go to Users and Roles -> Manage Users -> Click the name of the user you wish to enable RSA SecurID for.
- In the Two Factor Policy section -> Click [Configure] by the RADIUS Provider.
- Click the Enable button on that screen. The user will now be prompted for the RSA SecurID token each time they log in.
- If RSA SecurID needs to be disabled for a user, you can go back to the previous screen and a Disable button will be present instead of the Enable button.
User Configuration and Self-Enrollment
The prompt is the same for initial user configuration and for each subsequent 2FA login:
- "Please enter the one-time password or secret code."
Configuration error:
- "RADIUS configuration failed. Please try again"
Token entry error:
- "Invalid two-factor token. Please try again"