Dell SonicWALL Secure Mobile Access 8.5
Administration Guide
191
9 You can either manually select the token or automatically assign the token:
• To manually select the token for the user, click Select Token from List. In the window that
displays, select the serial number for the token and click OK.
• To automatically assign the token, you can optionally select the method by which to sort the
token: the token’s import date, serial number, or expiration date. Then click Unassigned Token
and the RSA Authentication Manager assigns a token to the user. Click OK.
10 Click OK in the Edit User window. The user is added to the RSA Authentication Manager.
11 Give the user their RSA SecurID Authenticator and instructions on how to log in, create a PIN, and user
the RSA SecurID Authenticator. See the Dell SonicWALL Secure Mobile Access User Guide for more
information.
Configuring the VASCO IdentiKey Solution
The VASCO IdentiKey solution works with Secure Mobile Access. The following sections describe how to
configure two-factor authentication using VASCO’s IdentiKey version 3.2:
• Setting the Time on page 191
• Setting DNS and the Default Route on page 191
• Setting NetExtender Client Address Range and Route on page 192
• Creating a Portal Domain with RADIUS Authentication on page 192
• Configuring a Policy on VASCO IdentiKey on page 192
• Registering the SMA/SRA as a VASCO Client on page 192
• Configuring a VASCO IdentiKey User on page 193
• Importing DIGIPASS on page 193
• Assigning a DIGIPASS to a User on page 193
• Verifying Two-Factor Authentication on page 193
If you are using RSA instead of VASCO, see Configuring the RSA Authentication Manager on page 186.
Setting the Time
The DIGIPASS token is based on time synchronization. Because the two-factor authentication depends on time
synchronization, it is important that the internal clocks for the SMA/SRA appliance and the VASCO IdentiKey are
set correctly.
Navigate to System > Time on the SMA/SRA appliance to select the correct time zone.
Setting DNS and the Default Route
The default route for the SMA/SRA appliance is an interface on the firewall that corresponds with the DMZ
Zone. The IP address of this firewall DMZ interface needs to be configured as the default route for the SMA/SRA
appliance.
To configure Domain Name Service and the default route:
1 On the Secure Mobile Access management interface, navigate to Network > DNS and set the correct DNS
settings and/ or WINS Settings.
2 Navigate to Network > Routes and set the correct Default Route for the Secure Mobile Access X0
interface.
NOTE: This configuration procedure is specific to VASCO IdentiKey version 3.2. If you are using a different
version of VASCO IdentiKey, the procedure is slightly different.
To Next Page
Loading...
