
Two-Factor Authentication Configuration in vCenter Server 6.5


This configuration protects the 6.5 external Platform Services Controller using two-factor authentication.

A common LDAP identity source between vCenter Server SSO and the RSA Authentication Manager is required.

=========================================

Configure the RSA Authentication Manager 8.3

=========================================

 

1. Add the Identity Source to the Authentication Manager Operations Console

 

2. Configure the Identity Source Mapping

 


3. Test the connection to the Identity Source

 

 

4. Link the Identity Source

 

 

5. Configure the Default Security Domain Mapping for the Identity Source

 

6. Assign the Identity Source user account a SecurID Token

NOTE: Ensure that you select the Active Directory Domain from the Identity Source drop-down prior to assigning the user a SecurID Token.

 

 

7. Download the RSA Authentication Manager server certificate

 

 

8. Add the RSA Authentication Manager server certificate to the Platform Services Controller's Trusted Root Store

 

9. Import the certificate of the LDAP Identity Source to the RSA Authentication Operations Console

 

 

10. Add an Authentication Agent (the external Platform Services Controller)

 

 

 

11. Confirm that the Authentication Agent is listed as "Selected" within the Authentication Manager Contact List

 

12. Add the hostname and IP address of the Authentication Manager to the Agent Authentication Settings under Security Console > Setup > System Settings > Agents > "To Configure Agents using IPV6, click here"

 

 

13. Generate the Authentication Agent Configuration File (sdconf.rec)

 

 

14. Enable the RSA SecurID Authentication API

 

 

==========================================================

Configure the 6.5 External Platform Services Controller

==========================================================

 

1. Use WinSCP to import the sdconf.rec file to the external Platform Services Controller

 

2. Open an SSH session to the Platform Services Controller and log in as root

 

3. Change to the directory that contains the sso-config.sh script

Appliance:  /opt/vmware/bin

Windows:  C:\Program Files\VMware\VCenter server\VMware Identity Services

 

4. Enable RSA SecurID Authentication on the tenant

# sso-config.[sh|bat] -t tenantName -set_authn_policy -securIDAuthn true

 

For example:

# sso-config.sh -t vsphere.local -set_authn_policy -securIDAuthn true

Note: After you enable RSA SecurID, the checkbox "Use RSA SecurID" will appear in the vSphere Web Client

 

5. Configure the Tenant to use the RSA Site.

# sso-config.[sh|bat] -set_rsa_site [-t tenantName] [-siteID Location] [-agentName Name] [-sdConfFile Path]

 

For Example:

# sso-config.sh -set_rsa_site -t vsphere.local -siteID fed-linpsc.fedlab.local -agentName fed-linpsc.fedlab.local -sdConfFile /tmp/sdconf.rec

6. Set the userID mapping using the attribute configured in the RSA Authentication Manager for the Identity Source

# sso-config.[sh|bat] -set_rsa_userid_attr_map [-t tenantName] [-idsName Name] [-ldapAttr AttrName] [-siteID Location]

 

For Example:

# sso-config.sh -set_rsa_userid_attr_map -t vsphere.local -idsName fedlab.local -ldapAttr userPrincipalName

 

7. Confirm that the agentName, siteID, and idsUserIDattributemaps are correct

# sso-config.sh -t tenantName -get_rsa_config

 

For Example:

# sso-config.sh -t vsphere.local -get_rsa_config

 

8. Authenticate to vCenter Server using RSA SecurID

 

 

 

NOTE: User accounts managed by vCenter Server SSO (administrator@vsphere.local) cannot use two-factor authentication.
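
Steps 4 to 7 of the Platform Services Controller procedure, as an added example (not from the original post or from VMware): a wrapper that runs the four sso-config.sh commands in order and stops at the first failure, using only the options shown above. The function names, the DRY_RUN switch and the sdconf.rec permission check are assumptions of this example.

```bash
#!/bin/bash
# Added example, not VMware's code. Wraps steps 4-7 of the PSC procedure.
SSO_CONFIG="${SSO_CONFIG:-/opt/vmware/bin/sso-config.sh}"  # appliance path from step 3
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands only, 0 = execute them

# Added precaution (not in the post): sdconf.rec tells the agent which
# Authentication Manager to contact, so reject a copy that is missing, empty,
# or writable by group/other before importing it.
check_sdconf() {
    if [ ! -f "$1" ] || [ ! -s "$1" ]; then
        echo "sdconf.rec missing or empty: $1" >&2
        return 1
    fi
    if [ -n "$(find "$1" \( -perm -020 -o -perm -002 \))" ]; then
        echo "sdconf.rec is group/world-writable: $1" >&2
        return 1
    fi
}

# Echo the command; execute it only when DRY_RUN is not 1.
run() {
    echo "+ $*"
    [ "$DRY_RUN" = 1 ] || "$@"
}

# Args: tenant siteID agentName idsName ldapAttr sdConfFile
configure_securid() {
    tenant=$1 site=$2 agent=$3 ids=$4 attr=$5 sdconf=$6
    check_sdconf "$sdconf" || return 1
    # Step 4: enable SecurID authentication on the tenant
    run "$SSO_CONFIG" -t "$tenant" -set_authn_policy -securIDAuthn true || return 1
    # Step 5: bind the tenant to the RSA site using the imported sdconf.rec
    run "$SSO_CONFIG" -set_rsa_site -t "$tenant" -siteID "$site" \
        -agentName "$agent" -sdConfFile "$sdconf" || return 1
    # Step 6: map the SecurID user ID to the identity source's LDAP attribute
    run "$SSO_CONFIG" -set_rsa_userid_attr_map -t "$tenant" \
        -idsName "$ids" -ldapAttr "$attr" || return 1
    # Step 7: print the stored configuration for review
    run "$SSO_CONFIG" -t "$tenant" -get_rsa_config
}

# Run only when all six arguments are supplied on the command line.
if [ "$#" -eq 6 ]; then
    configure_securid "$@"
fi
```

With the default DRY_RUN=1 the script only prints the commands it would run; set DRY_RUN=0 to execute them on the Platform Services Controller.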

 


