Hitachi ID Systems, Inc.

RSA SecurID Integration

SecurID Token Management

ID-Synch® can validate current RSA SecurID token pass-codes using either a RADIUS service or using the RSA Authentication Manager agent, installed on the ID-Synch server. Users can sign into ID-Synch with this form of authentication, rather than passwords, Q-A (Question-and-Answer) profiles, etc.

ID-Synch can manage RSA SecurID tokens, with operations such as clear PIN, PIN reset, enable or disable token, set or clear emergency access mode and clock synchronization. These operations are available both through self-service, using the web or IVR (interactive voice response), and to a help desk analyst.

SecurID token management depends on an administrative API (application programming interface) (apidemon), which is only available locally on the RSA Authentication Manager. As a result, a local ID-Synch agent is mandatory on the RSA Authentication Manager. This agent is available for Win32, Solaris and HPUX.

In addition to managing existing tokens, ID-Synch can manage physical inventories of RSA SecurID tokens, provision tokens to users, activate them on delivery, instruct a person designated as manager of a particular box of tokens to deliver a given token, by serial number, to its designated new owner, and deactivate, deprovision and return tokens to inventory.

Inventory Management in General

ID-Synch includes an inventory management capability, which consists of:

  1. Definitions of object types (e.g., tokens, smart cards, building access badges, computers, telephones, etc.).
  2. Definitions of locations where physical objects may be stored.
  3. Inventories of objects organized by type and location, where each object is uniquely identified by serial number and assigned a state and owner (e.g., available, enabled, disabled, assigned to user, revoked, pending delivery, pending retrieval, etc.).
  4. Inventory managers, authorized to allocate specific types of objects at specific locations.
  5. Implementers, responsible for physically delivering objects to and collecting objects from users.

ID-Synch can import CSV files with data about large quantities of objects, for example cases of new tokens or badges.

ID-Synch is designed to track objects through their lifetime, from acquisition, through storage, activation, user allocation, delivery to users, deactivation, recovery from users, etc. The built-in ID-Synch workflow engine supports this entire lifecycle, with front-ends for object request, authorization, automated or manual allocation of a specific object, etc.

Plug-in points are exposed by ID-Synch, to allow customers to automate activation and deactivation tasks, such as enabling or disabling a telephone number, network port, building access badge or token.

ID-Synch can be used to report on inventories of objects by type, location or state. It can also be used to report on objects allocated to users.

ID-Synch also exposes plug-in points where it can access inventory data in an external system, such as an asset management application, rather than managing inventory data internally. In some organizations, high-value objects, such as computers or desks, may be tracked in an asset management system, to support depreciation and insurance calculations, while low-cost items, such as tokens or badges, will be managed individually in ID-Synch, to support physical management without the burden of financial modeling for each micro-asset.