Upload
abarbate1147
View
214
Download
0
Embed Size (px)
Citation preview
8/3/2019 Eroom_ACE5
1/9 1
RSA SecurID Ready Implementation Guide
Last Modified: 12 March 2002
1. Partner Information
Partner Name eRoom Technology, IncWeb Site www.eroom.comProduct Name eRoomVersion & Platform Version 6.0 (and later) for Windows 2000, Windows NTProduct Description The eRoom digital workplace is a cross-enterprise collaborative
environment that integrates with a company's enterprise systems andplatforms and mission-critical business processes, providing a unifiedenvironment for complex project work and business initiatives.
Product Category Enterprise Collaboration Software
2. Contact Information
Sales Contact Support ContactE-mail [email protected] [email protected] Phone +1.617.497.6300 +1.617.497.6300Web www.eRoom.com www.eRoom.com
8/3/2019 Eroom_ACE5
2/9 2
3. Solution Summary
Feature Details
Authentication Methods Supported Native SecurID
ACE/Agent Library Version 4.2, 5.0
ACE 5 Locking Yes
Replica ACE/Server Support Master/Slave and Full Replica Support.
Secondary RADIUS/TACACS+Server Support
No
Location of Node Secret on Client None stored In Registry
ACE/Server Agent Host Type Net OS
SecurID User Specification Designated users, all users, SecurID as default
SecurID Protection of Administrators No
8/3/2019 Eroom_ACE5
3/9 3
4. Product Requirements
Hardware requirements
Component Name: eRoom Server
CPU make/speed required 733 MHz Pentium (300 MHz Pentium minimum)Memory 256 MB RAMHD space 125 MB free disk space (70 MB Minimum)Firmware level
Component Name: Database Server
CPU make/speed required 733 MHz Pentium (300 MHz Pentium Minimum)Memory 256 MB RAMHD space 1 GB free disk spaceFirmware level
Software requirements
Component Name: eRoom Sever
Operating System Version (Patch-level)Windows NT 4.0 Server Service Pack 6a or higher Windows 2000 Server Windows Advanced Server
Component Name: Database
Operating System Version (Patch-level)Windows NT 4.0 Server Service Pack 6a (or higher)
Windows 2000 Server Windows Advanced Server
8/3/2019 Eroom_ACE5
4/9 4
5. Partner ACE/Agent configuration No special software required for installation beyond the standard eRoom V6 installation. In order to perform the installation, must have eRoom Server Administrator or Facility
Administrator rights, and access to the eRoom Server Administrator page or eRoomFacility Admin page. Accessible via web browser or MMC.
Basic steps required to configure the product for ACE/Agent operation. Install the RSA ACE/Agent on the eRoom application server. Configure it with Network Authentication enabled. Do not install WebID on the eRoom
Server. Reboot the eRoom Application Server. Perform a test authentication from the ACE/Agent to the designated ACE/Server. Insure
that you are able to perform a successful authentication with the ACE/Agent before proceeding.
After confirming that the ACE/Server and ACE/Agent are communicating, open either the eRoom Server Administration Settings page or the eRoom Facility AdministrationSettings page.
If your eRoom server uses RSA SecurID, two checkboxes are enabled in the Passwordssection of the Facility Settings page, and in the Passwords section of the Server Member List Settings page.
On the Server Member List Settings page:o Allow RSA SecurID authentication - When checked, the Member information
page includes a checkbox, visible only to administrators, labeled "Use RSASecurID instead of a password". This option determines whether eRoommembers use RSA SecurID (a security protocol that requires a combination of
personal identification numbers and SecurID card tokens to authenticate users)instead of eRoom passwords to log in to eRoom.
Administrators can set this option for individual members, or use the following checkbox to set the option for all server members. If you set this option for
particular members, the following checkbox has no effect for those individual members.
o New members use RSA SecurID authentication by default - When checked,the "Use RSA SecurID instead of a password" option is turned on for all server members except those for whom it has been turned off manually (in which case,it remains off). Removing the checkmark turns off this option for all facility members except those for whom it has been turned on manually (in which case,it remains on).
On the Facility Settings page:o Allow RSA SecurID authentication - When checked, the Member information
page includes a checkbox, visible only to administrators, labeled "Use RSASecurID instead of a password". This option determines whether members useRSA SecurID instead of eRoom passwords. Administrators can set this optionfor individual members, or use the following checkbox to set the option for all
8/3/2019 Eroom_ACE5
5/9 5
facility members. If you set this option manually, the following checkbox has noeffect for those individual members.
o New members use RSA SecurID authentication by default - When checked,the "Use RSA SecurID instead of a password" option is turned on for all facility members except those individuals for whom it has been turned off (in whichcase, it remains off). Removing the checkmark turns off this option for all facility members except those individuals for whom it has been turned on (in whichcase, it remains on).
References in the products documentation that describe the process of enabling the product for use with ACE/Server.
eRoom Online Help: Facility Administration eRoom Online Help: Server Administration eRoom Online Help: Enterprise Directories eRoom Online Help: Logging into eRoom eRoom Online Help: The eRoom Plug-in eRoom Online Help: eRoom and Microsoft Office 2000 eRoom Online Help: Managing Project Information
Examples of SecurID logon screen.
Default Login Screen
8/3/2019 Eroom_ACE5
6/9 6
Next Token Mode
User-created PINs allowed
User Created PINs required
8/3/2019 Eroom_ACE5
7/9 7
System Generated PIN
8/3/2019 Eroom_ACE5
8/9 8
6. Certification Checklist
Date Tested: February 25, 2002
Product Tested VersionACE/Server 5ACE/Agent 4.2, 5.0eRoom Version 6.0
Test ACE RADIUS
1 st time auth. (node secret creation) P N/A
New PIN mode: System-generated
Non-PINPAD token P N/APINPAD token P N/A
User-defined (4-8 alphanumeric)Non-PINPAD token P N/A
Password P N/AUser-defined (5-7 numeric)
Non-PINPAD token P N/APINPAD token P N/A
SoftID token P N/ADeny 4 digit PIN P N/A
Deny Alphanumeric P N/AUser-selectable Non-PINPAD token P N/A
PINPAD token P N/APASSCODE
16 Digit PASSCODE P N/A4 Digit Password P N/A
Next Tokencode mode Non-PINPAD token P N/A
PINPAD token P N/A
Replica Servers P N/AUser Lock Test (ACE Lock Function) P N/ANo ACE/Server P N/A
Init *P=Pass or Yes F=Fail N/A=Non-available function
8/3/2019 Eroom_ACE5
9/9
9
7. Known Issues Due to security restrictions, logging into eRoom with your SecurID account disables
some of the eRoom Monitor features normally available when you have the eRoom plug-in software installed.
The eRoom Monitor doesn't check for the following information about eRooms on
your My eRooms page: eRoom logo, basic or full project status, and unread information. You are unable to receive eRoom instant messages. You are unable to synchronize eRoom task databases or calendars with Outlook. If,
prior to using SecurID, you listed any task databases or calendars on the Outlook Task Sync tab or the Outlook Calendar Sync tab of the eRoom Monitor Settingsdialog box, the Synchronizer removes them when it scans your eRooms for changes