Configure RSA
SecurID soft token authentication
RSA
SecurID
soft token authenticationBlackBerry Access for iOS
and Android
devices supports RSA
SecurID
soft token authentication. The software consists of an app and a
separately installed, software-based security token that transfers password protection
and authentication delegation to Good for Enterprise
.BlackBerry Access
contains an embedded RSA
SecurID
authenticator that can generate and display a 6-digit or
8-digit tokencode at 30 or 60 second intervals.- To start a user’sRSA SecurIDsoftware authenticator, provision anRSA SecurIDsoftware token seed record and send it to the user in an email so that they can import the seed record intoBlackBerry Access.
- Configure an RSA SecurID application policy in BlackBerry UEM or Configure an RSA SecurID application policy in Good Control. The policy includes the email address of anRSA Authentication Manageradministrator who is responsible for assigning and delivering software token seed records.
- Generate the Compressed Token Format URL with theRSA Authentication Manager. Replace the protocol portion of the URL to send an HTTP URL toGood for Enterpriseso that it can import theRSAtoken intoBlackBerry Access:
- Change thecom.rsa.securid://ctf?ctfData=numeric_stringorcustom_url_scheme://ctf?ctfData=numeric_stringtohttp://ctf?ctfData=numeric_string.The URL is case sensitive:ctfDatamust be mixed case, as shown.
- The seed record must be delivered in an .sdtid file or a Compressed Token Format URL. The user imports the seed record intoBlackBerry Access.
- A user that hasBlackBerry Accessalready activated on their device opens the email message and clicks theRSAtoken to install it inBlackBerry Access.
- TheRSAadministrator assigns a software token to the user, binds it to the user’s device ID, and sends the seed record to the user in a Compressed Token Format URL format.
- The user opens the seed record inBlackBerry Access.
- BlackBerry Accessimports the seed record and instantiates theRSA SecurIDauthenticator.