How does secondary authentication work after failover to Replica when using RSA SecurID? (4299428)

How does secondary authentication work after failover to Replica when using RSA SecurID?

When TPAM fails over to the Replica and RSA Securid is used as a Secondary Authentication method users experience the inability to log on using their SecurID tokens.

In order to ensure that the Replica device is configured for external Authentication in the event of a fail over the Replica must first be configured as an Authentication Agent on the RSA Server.

To ensure the Replica device is configured as an Authentication Agent on RSA server preform the following steps:

Place the Replica into Primary mode on the HA settings page of the Primary.

1. Navigate to /PARADMIN interface of the Replica, select System Status/Settings -> External Authentication-> Secure ID. This will make the connection between the Appliance and RSA Server.
2. If using a sdopt.rec file which contains client specific IP, then this will need to be uploaded to the Replica. This is because the sdopt.rec file is not replicated from the Primary. It is unique to each authorizing agent.
3. On the RSA server, add the IP of the Replica as an Authorization agent and verify the ports are open to the appliance.
4. Test that the RSA server recognizes the Server and forms the Node Secret.
5. Once this is complete the Replica can be put back in replicating mode from the HA settings page of the Primary and will be ready to perform RSA authentication in the event of a failover.