Eroom_ACE5

Embed Size (px)

Citation preview

  • 8/3/2019 Eroom_ACE5

    1/9 1

    RSA SecurID Ready Implementation Guide

    Last Modified: 12 March 2002

    1. Partner Information

    Partner Name eRoom Technology, IncWeb Site www.eroom.comProduct Name eRoomVersion & Platform Version 6.0 (and later) for Windows 2000, Windows NTProduct Description The eRoom digital workplace is a cross-enterprise collaborative

    environment that integrates with a company's enterprise systems andplatforms and mission-critical business processes, providing a unifiedenvironment for complex project work and business initiatives.

    Product Category Enterprise Collaboration Software

    2. Contact Information

    Sales Contact Support ContactE-mail [email protected] [email protected] Phone +1.617.497.6300 +1.617.497.6300Web www.eRoom.com www.eRoom.com

  • 8/3/2019 Eroom_ACE5

    2/9 2

    3. Solution Summary

    Feature Details

    Authentication Methods Supported Native SecurID

    ACE/Agent Library Version 4.2, 5.0

    ACE 5 Locking Yes

    Replica ACE/Server Support Master/Slave and Full Replica Support.

    Secondary RADIUS/TACACS+Server Support

    No

    Location of Node Secret on Client None stored In Registry

    ACE/Server Agent Host Type Net OS

    SecurID User Specification Designated users, all users, SecurID as default

    SecurID Protection of Administrators No

  • 8/3/2019 Eroom_ACE5

    3/9 3

    4. Product Requirements

    Hardware requirements

    Component Name: eRoom Server

    CPU make/speed required 733 MHz Pentium (300 MHz Pentium minimum)Memory 256 MB RAMHD space 125 MB free disk space (70 MB Minimum)Firmware level

    Component Name: Database Server

    CPU make/speed required 733 MHz Pentium (300 MHz Pentium Minimum)Memory 256 MB RAMHD space 1 GB free disk spaceFirmware level

    Software requirements

    Component Name: eRoom Sever

    Operating System Version (Patch-level)Windows NT 4.0 Server Service Pack 6a or higher Windows 2000 Server Windows Advanced Server

    Component Name: Database

    Operating System Version (Patch-level)Windows NT 4.0 Server Service Pack 6a (or higher)

    Windows 2000 Server Windows Advanced Server

  • 8/3/2019 Eroom_ACE5

    4/9 4

    5. Partner ACE/Agent configuration No special software required for installation beyond the standard eRoom V6 installation. In order to perform the installation, must have eRoom Server Administrator or Facility

    Administrator rights, and access to the eRoom Server Administrator page or eRoomFacility Admin page. Accessible via web browser or MMC.

    Basic steps required to configure the product for ACE/Agent operation. Install the RSA ACE/Agent on the eRoom application server. Configure it with Network Authentication enabled. Do not install WebID on the eRoom

    Server. Reboot the eRoom Application Server. Perform a test authentication from the ACE/Agent to the designated ACE/Server. Insure

    that you are able to perform a successful authentication with the ACE/Agent before proceeding.

    After confirming that the ACE/Server and ACE/Agent are communicating, open either the eRoom Server Administration Settings page or the eRoom Facility AdministrationSettings page.

    If your eRoom server uses RSA SecurID, two checkboxes are enabled in the Passwordssection of the Facility Settings page, and in the Passwords section of the Server Member List Settings page.

    On the Server Member List Settings page:o Allow RSA SecurID authentication - When checked, the Member information

    page includes a checkbox, visible only to administrators, labeled "Use RSASecurID instead of a password". This option determines whether eRoommembers use RSA SecurID (a security protocol that requires a combination of

    personal identification numbers and SecurID card tokens to authenticate users)instead of eRoom passwords to log in to eRoom.

    Administrators can set this option for individual members, or use the following checkbox to set the option for all server members. If you set this option for

    particular members, the following checkbox has no effect for those individual members.

    o New members use RSA SecurID authentication by default - When checked,the "Use RSA SecurID instead of a password" option is turned on for all server members except those for whom it has been turned off manually (in which case,it remains off). Removing the checkmark turns off this option for all facility members except those for whom it has been turned on manually (in which case,it remains on).

    On the Facility Settings page:o Allow RSA SecurID authentication - When checked, the Member information

    page includes a checkbox, visible only to administrators, labeled "Use RSASecurID instead of a password". This option determines whether members useRSA SecurID instead of eRoom passwords. Administrators can set this optionfor individual members, or use the following checkbox to set the option for all

  • 8/3/2019 Eroom_ACE5

    5/9 5

    facility members. If you set this option manually, the following checkbox has noeffect for those individual members.

    o New members use RSA SecurID authentication by default - When checked,the "Use RSA SecurID instead of a password" option is turned on for all facility members except those individuals for whom it has been turned off (in whichcase, it remains off). Removing the checkmark turns off this option for all facility members except those individuals for whom it has been turned on (in whichcase, it remains on).

    References in the products documentation that describe the process of enabling the product for use with ACE/Server.

    eRoom Online Help: Facility Administration eRoom Online Help: Server Administration eRoom Online Help: Enterprise Directories eRoom Online Help: Logging into eRoom eRoom Online Help: The eRoom Plug-in eRoom Online Help: eRoom and Microsoft Office 2000 eRoom Online Help: Managing Project Information

    Examples of SecurID logon screen.

    Default Login Screen

  • 8/3/2019 Eroom_ACE5

    6/9 6

    Next Token Mode

    User-created PINs allowed

    User Created PINs required

  • 8/3/2019 Eroom_ACE5

    7/9 7

    System Generated PIN

  • 8/3/2019 Eroom_ACE5

    8/9 8

    6. Certification Checklist

    Date Tested: February 25, 2002

    Product Tested VersionACE/Server 5ACE/Agent 4.2, 5.0eRoom Version 6.0

    Test ACE RADIUS

    1 st time auth. (node secret creation) P N/A

    New PIN mode: System-generated

    Non-PINPAD token P N/APINPAD token P N/A

    User-defined (4-8 alphanumeric)Non-PINPAD token P N/A

    Password P N/AUser-defined (5-7 numeric)

    Non-PINPAD token P N/APINPAD token P N/A

    SoftID token P N/ADeny 4 digit PIN P N/A

    Deny Alphanumeric P N/AUser-selectable Non-PINPAD token P N/A

    PINPAD token P N/APASSCODE

    16 Digit PASSCODE P N/A4 Digit Password P N/A

    Next Tokencode mode Non-PINPAD token P N/A

    PINPAD token P N/A

    Replica Servers P N/AUser Lock Test (ACE Lock Function) P N/ANo ACE/Server P N/A

    Init *P=Pass or Yes F=Fail N/A=Non-available function

  • 8/3/2019 Eroom_ACE5

    9/9

    9

    7. Known Issues Due to security restrictions, logging into eRoom with your SecurID account disables

    some of the eRoom Monitor features normally available when you have the eRoom plug-in software installed.

    The eRoom Monitor doesn't check for the following information about eRooms on

    your My eRooms page: eRoom logo, basic or full project status, and unread information. You are unable to receive eRoom instant messages. You are unable to synchronize eRoom task databases or calendars with Outlook. If,

    prior to using SecurID, you listed any task databases or calendars on the Outlook Task Sync tab or the Outlook Calendar Sync tab of the eRoom Monitor Settingsdialog box, the Synchronizer removes them when it scans your eRooms for changes