Pulse Secure Desktop ClientAuthentication Types

RSA Authentication

RSA Authentication Manager (formerly known as ACE/Server) is an authentication and authorization server that allows user authentication based on credentials from the RSA SecurID® product from RSA Security Inc.

When you use RSA Authentication Manager as the authentication and authorization service for your Pulse Secure access management framework, users can sign into PPS using the same username and password stored in the backend server.

Method

Action

Using a hardware token and the standard system sign-in page

The user browses to the standard system sign-in page, and then enters the username and password (consisting of the concatenation of the PIN and the RSA SecurID hardware token’s current value). The system then forwards the user’s credentials to the authentication server.

Using a software token and the custom SoftID system sign-in page

The user browses to the SoftID custom sign-in page. Then, using the SoftID plug-in, the user enters the username and PIN. The SoftID plug-in generates a passphrase by concatenating the user’s PIN and token and passes the passphrase to the authentication server.

If the RSA Authentication Manager positively authenticates the user, the user gains access to the system. Otherwise, the RSA Authentication Manager:

Denies the user access to the system.

Prompts the user to generate a new PIN (New PIN mode) if the user is signing into the system for the first time. Users see different prompts depending on the method they use to sign in.

If the user signs in using the SoftID plug-in, then the RSA prompts the user to create a new pin; otherwise PPS prompts the user to create a new PIN.

Prompts the user to enter the next token (Next Token mode) if the token entered by the user is out of sync with the token expected by RSA Authentication Manager. Next Token mode is transparent to users signing in using a SoftID token. The RSA SecurID software passes the token through the system to RSA Authentication Manager without user interaction.

·Redirects the user to the standard system sign-in page (SoftID only) if the user tries to sign-in to the RSA SecurID Authentication page on a computer that does not have the SecurID software installed.