SecurID Connector
The SecurID connector lets you use RSA SecurID for multi-factor authentication (MFA) in your PingOne DaVinci flow.
Setup
Resources
For information and setup help, see the following:
-
SecurID documentation
-
DaVinci documentation:
Configuring the SecurID connector
Add the connector in DaVinci as shown in Adding a connector, then configure it as follows.
Connector configuration
SecurID Authentication API REST URL
Your authentication API URL, such as https://company.auth.securid.com
. For help getting your URL, see Copy the SecurID Authentication API REST URL.
Client Key
Your SecurID authentication client key, such as vowc450ahs6nry66vok0pvaizwnfr43ewsqcm7tz
. To get a client key, see Add a SecurID Authentication API Key.
Using the connector in a flow
Authenticating users
This flow allows a user to authenticate with SecurID. It asks the user to enter their user ID in an HTML form, prompts them to select and complete a SecurID authentication method, then shows the results on an HTML page.
Because some authentication methods are completed on the user’s mobile device, the flow includes a loop that polls SecurID until the authentication challenge is complete.
-
Download the SecurID - MFA flow template. For help, see Using DaVinci flow templates.
-
(Optional) Customize the sign on form.
-
On the flow canvas, select the Sign On node.
-
In the Fields List, customize the Display Name to help your users enter their identifier correctly, depending on whether your organization uses a name, ID, or email address.
The ID entered must match a user in one of the identity sources you have configured in SecurID. For more information, see Identity Sources for the Cloud Authentication Service.
-
-
(Optional) Customize the assurance policy:
-
On the flow canvas, select the Multi-Factor Authentication (SecurID) node.
-
In the Assurance Policy Name field, enter the policy you want to use, such as
All Users Low Assurance Level
.See your policy names in SecurID by going to Access → Policies.
You can set this value dynamically by clicking {} and selecting a variable from another node in your flow.
-
-
(Optional) Customize the default Select Authentication Method interface.
-
On the flow canvas, select the User Verification (SecurID) node.
-
On the Select Authentication tab, modify the HTML Template, CSS, and Script fields.
-
Click Switch View to see the HTML formatted with syntax highlighting.
-
Click the Maximize() icon to give yourself more room to work.
-
To access a variety of useful tools, right-click the field when you’re in syntax highlighting mode (dark background).
-
-
-
(Optional) Customize the default SecurID Token Code interface on the SecurID Token Code tab.
-
(Optional) Customize the default Emergency Access Token Code interface on the Emergency Access Token Code tab.
-
(Optional) Customize the default Check Your Device interface.
-
On the flow canvas, select the Check Your Device node.
-
Modify the Message Title, Message, and other fields.
-
-
Test the flow by clicking Save, Deploy, and Try Flow.
Capabilities
Multi-Factor Authentication (MFA)
Get the user’s authentication methods and start the authentication process.
Show details
Properties
- User Identifier
textField
-
The unique identifier for the user, such as an email, account name, user ID.
- Assurance Policy Name
textField
-
The name of your SecurID policy, such as "All Users Low Assurance Level".
- Keep Record
toggleSwitch
-
When enabled, SecurID keeps a record of each completed transaction.
- Authentication Attempt Timeout
textField
-
A number in seconds representing how long the server will keep the authentication attempt ID available after each call. During this time is is possible to make other calls using the "authnAttemptId". The server may reject initialization requests if the value provided is beyond the allowable maximum. Defaults to a server-defined session lifetime. Optional.
Input Schema
- default
object
-
- subjectName
string
required
- assurancePolicyId
string
required
- apiUrl
string
required
- clientKey
string
required
- subjectName
- Output Schema
- output
object
-
- headers
object
- properties
object
- headers
- vary
string
- cache-control
string
- content-type
string
- strict-transport-security
string
- date
string
- keep-alive
string
- expires
string
- x-xss-protection
string
- pragma
string
- transfer-encoding
string
- x-content-type-options
string
- connection
string
- x-frame-options
string
-
- status
integer
- data
object
- properties
object
- status
- context
object
- properties
object
- authnAttemptId
string
- messageId
string
- inResponseTo
string
- credentialValidationResults
array
- items
array
- 0
object
- properties
object
-
- methodId
string
- methodResponseCode
string
- methodReasonCode
string
- authnAttributes
array
- methodId
- attemptResponseCode
string
- attemptReasonCode
string
- challengeMethods
object
- properties
object
- challenges
array
- items
array
-
- 0
object
- properties
object
- 0
- methodSetId
string
- requiredMethods
array
- items
array
- 0
object
- properties
object
-
- methodId
string
- displayName
string
- priority
integer
- versions
array
- items
array
- methodId
0 object
properties object
versionId string
methodAttributes array
items array
0 object
properties object
name string
value string
dataType string
valueRequired boolean
referenceId null
prompt object
properties object
promptResourceId string
defaultText string
formatRegex null
defaultValue null
valueBeingDefined boolean
sensitive boolean
minLength null
maxLength null
promptArgs array
User Verification
Prompt the user to select a method and complete the authentication process.
Show details
Input Schema
- default
object
-
- apiUrl
string
required
- clientKey
string
required
- apiUrl
- Output Schema
- output
object
-
- challenge
string
- headers
object
- properties
object
- challenge
- vary
string
- cache-control
string
- content-type
string
- strict-transport-security
string
- date
string
- keep-alive
string
- expires
string
- x-xss-protection
string
- pragma
string
- transfer-encoding
string
- x-content-type-options
string
- connection
string
- x-frame-options
string
-
- status
integer
- data
object
- properties
object
- status
- context
object
- properties
object
- authnAttemptId
string
- messageId
string
- inResponseTo
string
- credentialValidationResults
array
- items
array
- 0
object
- properties
object
-
- methodId
string
- methodResponseCode
string
- methodReasonCode
string
- authnAttributes
array
- methodId
- attemptResponseCode
string
- attemptReasonCode
string
- challengeMethods
object
- properties
object
- challenges
array
- items
array
-
- 0
object
- properties
object
- 0
- methodSetId
string
- requiredMethods
array
- items
array
- 0
object
- properties
object
-
- methodId
string
- displayName
string
- priority
integer
- versions
array
- items
array
- methodId
0 object
properties object
versionId string
methodAttributes array
items array
0 object
properties object
name string
value string
dataType string
valueRequired boolean
referenceId null
prompt object
properties object
promptResourceId string
defaultText string
formatRegex null
defaultValue null
valueBeingDefined boolean
sensitive boolean
minLength null
maxLength null
promptArgs array