
RSA SecurID for Two-Factor Authentication

Limitations & Important Notes for RSA SecurID Channel:

  1. There is no option to exclude any user from 2FA. If 2FA is enabled on the solution, it must be used by all users.

  2. Keycloak will not manage the 2FA registration for SecurID. Only OTP validation will be handled by Keycloak.

  3. 2FA registration on SecurID will be handled by the customer.

  4. All users (including admins) created in Keycloak must be registered for 2FA with SecurID beforehand.

  5. All users must have the same username in both Keycloak and SecurID.

  6. If 2FA is enabled on the solution, each user will be required to enter an OTP during login. If a user does not have access to the OTP, they should contact the Administrator.

For RSA SecurID, the Keycloak Connector manages the OTP validation mechanism. The user must already be registered for 2FA with RSA SecurID. The user will need to enter a 14-character passcode (PIN + Token). The Connector will fetch this passcode and validate it against the RSA Server.

Information Required from RSA Server

The following information is required from the RSA Server to enable two-factor authentication via the RSA (SecurID) Authenticator App:

  1. RSA Server URL

This is the URL of the RSA Server that the Keycloak Connector communicates with to validate OTPs. For example, https://<rsa-server-domain-name>:<port>/. The URL must end with a trailing slash (/).

  2. RSA Client Key

This will be the access key required to communicate with RSA Server. RSA also refers to this as Access Key. For example, en7ujo7001g32e3ues48sguo69fetkmdd85hsele82d6641d496zitr56n1b9e6l.

  3. RSA Client ID

This will be the name or ID of the authentication agent responsible for validating the OTPs. For example, authenticator.

All this information can be fetched from RSA Authentication Manager.

Enable 2FA with RSA SecurID

  1. To enable two-factor authentication with RSA SecurID, update the following environment variables in

CODE
  efCommonVars_IS_ENABLED_2FA: "true"
  efCommonVars_CHANNEL_2FA: "rsa"
  efCommonVars_RSA_SERVER_URL: ""
  efCommonVars_RSA_CLIENT_KEY: ""
  efCommonVars_RSA_CLIENT_ID: ""

Update efCommonVars_RSA_SERVER_URL, efCommonVars_RSA_CLIENT_KEY and efCommonVars_RSA_CLIENT_ID with the actual values.

  2. Deploy the CX Core using default values.

CODE
helm upgrade --install --namespace expertflow --create-namespace ef-cx --debug --values helm-values/ef-cx-custom-values.yaml expertflow/cx --version 4.9.3
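
A pre-deployment check for the settings and limitations above, as an added example that is not Expertflow's own code: it validates the efCommonVars values and lists Keycloak users who have no identically named SecurID user. The sample values, host name and user lists are constructed, and the https requirement and the case-insensitive near-match hint are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample values (placeholders, not real credentials).
SAMPLE_VALUES = '''
  efCommonVars_IS_ENABLED_2FA: "true"
  efCommonVars_CHANNEL_2FA: "rsa"
  efCommonVars_RSA_SERVER_URL: "https://rsa.example.internal:5555"
  efCommonVars_RSA_CLIENT_KEY: ""
  efCommonVars_RSA_CLIENT_ID: "authenticator"
'''

def read_vars(text):
    """Collect efCommonVars_* entries written as simple `key: "value"` lines."""
    pairs = re.findall(r'^[ \t]*efCommonVars_(\w+):[ \t]*"?([^"\n]*)"?[ \t]*$', text, re.M)
    return {key: value.strip() for key, value in pairs}

def check_config(cfg):
    """Return the problems that would break OTP validation after deployment."""
    problems = []
    if cfg.get("IS_ENABLED_2FA") != "true":
        problems.append('IS_ENABLED_2FA is not "true"')
    if cfg.get("CHANNEL_2FA") != "rsa":
        problems.append('CHANNEL_2FA is not "rsa"')
    url = cfg.get("RSA_SERVER_URL", "")
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        # Assumption: require TLS, because the client key and passcodes cross this link.
        problems.append("RSA_SERVER_URL is not an https URL")
    elif not url.endswith("/"):
        problems.append("RSA_SERVER_URL must end with /")
    for name in ("RSA_CLIENT_KEY", "RSA_CLIENT_ID"):
        if not cfg.get(name):
            problems.append(f"{name} is empty")
    return problems

def users_locked_out(keycloak_users, securid_users):
    """Map each Keycloak username lacking an identical SecurID username to a
    case-insensitive near match (or None), since no user can be excluded from 2FA."""
    exact = set(securid_users)
    folded = {u.casefold(): u for u in securid_users}
    return {u: folded.get(u.casefold()) for u in keycloak_users if u not in exact}

if __name__ == "__main__":
    for problem in check_config(read_vars(SAMPLE_VALUES)):
        print("config:", problem)
    # Constructed user lists standing in for exports from Keycloak and SecurID.
    print(users_locked_out(["admin", "j.doe", "svc-report"], ["admin", "J.Doe"]))
```

Run it against the real values file and user exports before the helm upgrade; an empty problem list and an empty user map mean every existing account, admins included, can still log in once 2FA is on.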

Disable Two-Factor Authentication

  1. Update the configuration below for the common variables in kubernetes/helm-values/ef-cx-custom-values.yaml:

CODE
efCommonVars_IS_ENABLED_2FA: "false"

  2. Deploy the CX Core using default values.

CODE
helm upgrade --install --namespace expertflow --create-namespace ef-cx --debug --values helm-values/ef-cx-custom-values.yaml expertflow/cx --version 4.9.3

User Guide for 2FA with RSA SecurID

https://expertflow-docs.atlassian.net/wiki/spaces/CX/pages/417988903/Two+Factor+Authentication+-+User+Guide+Agent+Desk#2FA-with-RSA-SecurID
