Using RSA SecurID authentication with
Symantec Endpoint Protection Manager

In an IPv6 environment, you must install and enable the IPv4 stack on the
Symantec Endpoint Protection Manager
server to use RSA SecurID authentication.
(IPv6 networking is supported as of version 14.2.)

Configuring RSA SecurID to authenticate
Symantec Endpoint Protection Manager
administrators

If you want to authenticate administrators who use the
Symantec Endpoint Protection Manager
with RSA SecurID, you must first enable encrypted authentication by configuring a connection to an RSA Authentication Manager server.
To configure RSA SecurID to authenticate
Symantec Endpoint Protection Manager
administrators
  1. Install an RSA Authentication Manager server, if necessary. Use RSA Authentication Manager 8.1.
  2. Install and properly configure the RSA Authentication Agent on the Symantec Endpoint Protection Manager server to connect to the RSA server. Use RSA Authentication Agent 7.x.
  3. Ensure that the Symantec Endpoint Protection Manager server registers as a valid host on the RSA Authentication Manager server.
  4. Ensure that the
    sdconf.rec
    file on the RSA Authentication Manager server is accessible on the network.
  5. Assign a synchronized SecurID card or key fob to a management server account; activate the logon name on the RSA Authentication Manager server.
  6. Ensure that the administrator has the RSA PIN or password available.
    Symantec supports the following types of RSA logons:
    • RSA SecurID token (not software RSA tokens)
    • RSA SecurID card
    • RSA keypad card (not RSA smart cards)
    To log on to the management server with the RSA SecurID, an administrator needs a logon name, the token (hardware), and a PIN.

Installing the RSA Authentication Agent and configure the
Symantec Endpoint Protection Manager
server to use RSA SecurID authentication

To use RSA SecurID with
Symantec Endpoint Protection Manager
, you must install the RSA Authentication Agent on the
Symantec Endpoint Protection Manager
server and configure it as a SecurID Authentication client.
To install the RSA Authentication Agent
  1. Install the software for the RSA Authentication Agent on the Symantec Endpoint Protection Manager server. You can install the software by running the Windows .msi file from the RSA Authentication Agent installation file.
  2. Copy the
    sdconf.rec
    file from the RSA Authentication server to the
    Symantec Endpoint Protection Manager
    server.
    For earlier versions of RSA Authentication Agent, copy
    nodesecret.rec
    ,
    sdconf.rec
    , and
    agent_nsload.exe
    .
To configure the
Symantec Endpoint Protection Manager
server to use RSA SecurID authentication
  1. Log on to the
    Symantec Endpoint Protection Manager
    console, and then click
    Admin > Servers
    .
  2. Under
    Servers
    , under
    Local Site
    , click the management server.
  3. Under
    Tasks
    , click
    Configure SecurID authentication
    .
  4. In the
    Welcome to the Configure SecurID Authentication Wizard
    panel, click
    Next
    .
  5. In the
    Qualification
    panel of the
    Configure SecurID Authentication Wizard
    panel, read the prerequisites and verify that you meet them all.
  6. Click
    Next
    .
  7. In the
    Upload RSA File
    panel of the
    Configure SecurID Authentication Wizard
    panel, browse for the folder in which the
    sdconf.rec
    file resides.
    You can also type the path name.
  8. Click
    Next
    , and then click
    Test
    to test your configuration.
  9. In the
    Test Configuration
    dialog box, type the user name and password for your SecurID, and then click
    Test
    .
    It now authenticates successfully.

Adding Symantec Endpoint Protection Manager administrators who use RSA SecurID authentication

After you complete the previous procedures, you can add Symantec Endpoint Protection Manager administrators.
To add Symantec Endpoint Protection Manager administrators who use RSA SecurID authentication
  1. On the
    Authentication
    tab, click RSA SecurID Authentication.
    If this option is unavailable, review the configuration guidelines. See:
  2. Click
    OK
    .
    You can also change an existing administrator account to use RSA SecurID authentication, though this practice is not recommended, especially for default administrator account, admin. If you provide invalid information when you edit an existing user, it is more difficult to recover that user.
    However, if you modify an existing administrator account, in the
    Confirm Change
    dialog box, type the password that you use to log on to
    Symantec Endpoint Protection Manager
    , and then click
    OK
    .
    When you switch between authentication methods, you must type the administrator account's password. See: