VMware: Using the vCenter Login Banner for RSA SecurID support
In vSphere 6.0 Update 2 we added the capability to use RSA SecurID for two-factor authentication (2FA) to the web client (only). I wrote about that in a two-part blog series: Part 1 and Part 2.
I recently got an email from a customer asking me about the implementation of the RSA SecurID Agent in vSphere and that prompted this blog.
The initial inquiry was around SecurID PIN resets and the customer asked: “It seems like vSphere doesn’t support PIN resets. How can I help my folks who are logging in to vCenter if their PIN is expired?”
In this blog I’ll show you how editing the Login Banner can help you get your users to the right page to reset their RSA SecurID PIN.
RSA Authentication Agents Overview
In general terms, the component on the object you are protecting that speaks to the RSA Authentication Manager is called an RSA Authentication Agent. Agents come in a number of forms. RSA supplies its own agent software for popular web servers and applications. It also provides Agent libraries for 3rd parties like VMware to integrate into their own solutions, like vCenter or VMware Horizon View.
If you install RSA’s web agents on Apache or IIS, they come pre-loaded with a bunch of pages that manage PIN expiration and resetting. If you log in to a website protected by SecurID and your PIN has expired, the agent will lead you through a workflow to reset the PIN. See the example below:
Read the entire article here, Using the vCenter Login Banner for RSA SecurID support
via the fine folks at VMware!