9
You can either manually select the token or automatically assign the token:
•
To manually select the token for the user, click Select Token from List. In the window that
displays, select the serial number for the token and click OK.
•
To automatically assign the token, you can optionally select the method by which to sort the
token: the token's import date, serial number, or expiration date. Then click Unassigned Token
and the RSA Authentication Manager assigns a token to the user. Click OK.
10 Click OK in the Edit User window. The user is added to the RSA Authentication Manager.
11 Give the user their RSA SecurID Authenticator and instructions on how to log in, create a PIN, and user
the RSA SecurID Authenticator. See the Dell SonicWALL Secure Mobile Access User Guide for more
information.
Configuring the VASCO IdentiKey Solution
The VASCO IdentiKey solution works with Secure Mobile Access. The following sections describe how to
configure two-factor authentication using VASCO's IdentiKey version 3.2:
•
Setting the Time on page 191
•
Setting DNS and the Default Route
•
Setting NetExtender Client Address Range and Route
•
Creating a Portal Domain with RADIUS Authentication
•
Configuring a Policy on VASCO IdentiKey
•
Registering the SMA/SRA as a VASCO Client
•
Configuring a VASCO IdentiKey User
•
Importing DIGIPASS
•
Assigning a DIGIPASS to a User
•
Verifying Two-Factor Authentication
NOTE:
This configuration procedure is specific to VASCO IdentiKey version 3.2. If you are using a different
version of VASCO IdentiKey, the procedure is slightly different.
If you are using RSA instead of VASCO, see
Setting the Time
The DIGIPASS token is based on time synchronization. Because the two-factor authentication depends on time
synchronization, it is important that the internal clocks for the SMA/SRA appliance and the VASCO IdentiKey are
set correctly.
Navigate to System > Time on the SMA/SRA appliance to select the correct time zone.
Setting DNS and the Default Route
The default route for the SMA/SRA appliance is an interface on the firewall that corresponds with the DMZ
Zone. The IP address of this firewall DMZ interface needs to be configured as the default route for the SMA/SRA
appliance.
To configure Domain Name Service and the default route:
1
On the Secure Mobile Access management interface, navigate to Network > DNS and set the correct DNS
settings and/ or WINS Settings.
2
Navigate to Network > Routes and set the correct Default Route for the Secure Mobile Access X0
interface.
on page 191
on page 192
on page 193
on page 193
on page 193
on page 193
Configuring the RSA Authentication Manager on page
on page 192
on page 192
on page 192
Dell SonicWALL Secure Mobile Access 8.5
186.
191
Administration Guide