Authentication options in Mobile Admin

The Authentication Options page displays the various authentication options available for Mobile Admin. The authentication options available for Mobile Admin are:

  • Windows Authentication
  • RADIUS
  • RSA SecurID

All procedures in this section assume that you selected Authentication Options from the Mobile Admin Options page.

If you run Mobile Admin on a host with FIPS enabled, you cannot select RADIUS authentication.

Authentication method

The Authentication Method page displays configuration options used to set up authentication. hoose a primary form of authentication that each user must enter to log in to the Mobile Admin application, no matter what other forms of authentication (such as device-level, or RSA SecurID) that you may configure for the user. You can configure how frequently a user is required to enter primary login authentication information. For example, you can configure Mobile Admin to require the primary login every time a user opens the Mobile Admin Client, or after time-out intervals that you specify.

Choose a primary login authentication method from the following options:

  • Windows user name and password
  • Mobile Admin-specific username and password

Windows user name and password authentication

You can configure administrative access to Mobile Admin Server using the Windows user settings for your network. Using this option, users enter their Windows user name and password to log in to Mobile Admin.

If you choose to use the Windows settings, you can configure Mobile Admin users to have access to the same servers and services in Mobile Admin as they do in your network or a subset of the servers and services they have permissions to manage in your network.

Mobile Admin user name and password authentication

If you decide not to use Windows login data for Mobile Admin, you can configure administrative access to Mobile Admin Server that is specific to Mobile Admin. Because Mobile Admin includes Windows security, you must specify at least one Windows account for the Mobile Admin Server to use to authenticate Mobile Admin users when a user logs in with their Mobile Admin-specific username and password.

If you specify one Windows account, Mobile Admin will use this account as the default Windows authentication for all Mobile Admin users when they enter their Mobile Admin-specific username and password. However, for each user, you can choose to either use the default Windows account or use any other Windows account. You can also configure or limit access to specific network servers, as long as these servers are a subset of the servers that the associated Windows account has permission to manage.

There are several ways to configure user access to your network if you choose to use Mobile Admin-specific passwords. The following sample configurations provide some examples.

Sample configuration 1

  1. In Mobile Admin, set up one existing Windows account as the default account for Mobile Admin with a wide range of permissions, such as a domain administrator or administrator account.
  2. In Mobile Admin, add users, and set up Mobile Admin-specific passwords for each user.
  3. In Mobile Admin, configure access for each user to an appropriate subset of network servers.

Sample configuration 2

  1. In Windows, create a specific Windows account that includes the permissions for all Mobile Admin users.
  2. In Mobile Admin, set up the new Windows account as the default account for Mobile Admin.
  3. In Mobile Admin, add users and set up Mobile Admin-specific passwords for each user.

Sample configuration 3

  1. In Windows, create a specific Windows account with the permissions you want most Mobile Admin users to have.
  2. In Mobile Admin, set up the new account as the default account for Mobile Admin.
  3. In Mobile Admin, add users and set up Mobile Admin-specific passwords for each.
  4. For users who require different permissions than the default Windows account, configure these users to use separate Windows accounts to authenticate with Mobile Admin.

Configuring Windows or Mobile Admin password authentication

  1. In the Authentication Options screen, click Authentication Method.
  2. In the Authentication Type drop-down menu, select an authentication type.
  3. Complete the text fields, and click Save.

RADIUS authentication (Mobile Admin Professional and ProPlus)

Mobile Admin supports RADIUS authentication, unless Mobile Admin Server is installed on a host enabled with FIPS. RADIUS authentication allows Mobile Admin to act as a RADIUS client or RADIUS device for a RADIUS server and authentication system, such as SafeWord.

Enabling and disabling RSA SecurID authentication

To enable or disable RSA authentication, install the RSA security agent on the same computer as the Mobile Admin Server. For more information about using RSA SecurID Authentication, see the RSA website at www.rsa.com.

After you enable RSA SecurID authentication, you are automatically logged out of Mobile Admin. You will be required to enter your RSA SecurIDlogin information to log back in.

Enable RSA SecurID

  1. In the Authentication Options screen, click RSA SecurID.
  2. Select the Enable RSA SecurID check box.
  3. Click Save.

Disable RSA SecurID

  1. In the Authentication Options screen, click RSA SecurID.
  2. Clear the Enable RSA SecurID check box.
  3. Click Save.