Moka5
Moka5


Configure RSA SecurID for MokaFive Player/Console   « Go Back
Table of Contents
- Summary
- Pre-Requisites
- Steps

Summary

This article provides instructions for configuring the Moka5 Suite with RSA SecurID Authentication. Moka5 Suite integrates with RSA SecurID to provide two-factor authentication for Moka5 Player.

Solution

RSA SecurID is a popular two-factor authentication solution. MokaFive Enterprise Server introduces the ability to integrate with RSA Authentication Manager, allowing organizations to require a RSA SecurID passcode in addition to directory services login.

The RSA integration is designed to augment standard authentication for users that are accessing their Players while outside your corporate network. The MokaFive Application Gateway integrates with RSA Authentication Manager, and, if enabled, will validate each user authentication with RSA before allowing those users to connect with the MokaFive Management Server.

Pre-Requisites
  • Fully configured Moka5 Suite environment (3.16 or newer)
    • Moka5 Management Server (integrated with Active Directory)
    • Moka5 Desktop Application Gateway Server
    • LivePC image deployed to an endpoint (Mac, Windows, or BareMetal)
  • RSA SecurID Server
  • Cisco VPN 5.0.x (integrated with RSA SecurID)
Steps

Setup

Configuring the RSA agent on the Moka5 Desktop Gateway Server

  1. Open a web browser and enter the URL for the Desktop App Gateway’s iconfig page.
    • https://< Desktop Gateway>/iconfig, where <Desktop Gateway> can be
      • FQDN hostname of the server
      • - OR - IP address of the server
      • - OR - localhost, if you are connected to the server using remote desktop
  2. Login to iconfig with the bootstrap administrator account (this is the local account you created when you first installed the Moka5 Desktop Application Gateway Server.)
  3. Go to Settings tab > Authentication panel > click Edit Settings.
  4. Click Choose File to upload a (RSA Agent) server configuration file.
  5. Obtain this file (sdconf.rec) from your RSA server.
  6. Click the Upload button.
  7. Test the connection.
    • Input username and passcode (use an account that has been configured on the RSA server)
    • Click Test
    • Green banner = success
    • Click Done
  8. Click the Enable button (from this point forward, all Moka5 authentication requests that come to the Desktop Application Gateway Server will be prompted for RSA SecurID authentication.)
  9. Click the Restart Now button.
The configuration is now complete.

Changing Your RSA PIN

RSA policy can be configured to require users to change their PIN. This section describes the procedure to change the existing PIN.
  1. Launch the Cisco VPN client.
  2. Connect using the VPN profile that is integrated with RSA.
  3. You will be prompted to enter:
    • Username
    • Passcode (or PIN+Passcode, depending on RSA policy)
  4. The VPN client will prompt you to change your PIN.
  5. Enter a new PIN, confirm the PIN, then click Done.

Logging in to Moka5 Player with RSA SecureID

Use the following steps to log in to Moka5 Player with RSA SecureID, when connecting from outside the corporate network.
  1. Launch Moka5 Player.
  2. Enter your AD username (first time login only).
  3. Enter your AD password.
  4. Enter your RSA passcode (or PIN+passcode, depending on RSA policy).
  5. Moka5 Player will open and you can start your LivePC.