Setup

Resources

For information and setup help, see the following documentation:

Requirements

To use the connector, you'll need:

  • An RSA SecurID Cloud Authentication license

Configuring the SecurID connector

Add the connector in DaVinci as shown in Adding a connector, then configure it as follows.

Connector configuration

SecurID Authentication API REST URL
Your authentication API URL, such as https://company.auth.securid.com. For help getting your URL, see Copy the SecurID Authentication API REST URL.
Client Key
Your SecurID authentication client key, such as vowc450ahs6nry66vok0pvaizwnfr43ewsqcm7tz. To get a client key, see Add a SecurID Authentication API Key.

Using the connector in a flow

Authenticating users

A screen capture of the complete MFA flow.

This flow allows a user to authenticate with SecurID. It asks the user to enter their user ID in an HTML form, prompts them to select and complete a SecurID authentication method, then shows the results on an HTML page.

Because some authentication methods are completed on the user's mobile device, the flow includes a loop that polls SecurID until the authentication challenge is complete.

  1. Download the SecurID - MFA flow template. For help, see Using DaVinci flow templates.
  2. (Optional) Customize the sign on form.
    A screen capture of the sign on form.
    1. On the flow canvas, select the Sign On node.
    2. In the Fields List, customize the Display Name to help your users enter their identifier correctly, depending on whether your organization uses a name, ID, or email address.
      Tip:

      The ID entered must match a user in one of the identity sources you have configured in SecurID. For more information, see Identity Sources for the Cloud Authentication Service.

  3. (Optional) Customize the assurance policy:
    1. On the flow canvas, select the Multi-Factor Authentication (SecurID) node.
    2. In the Assurance Policy Name field, enter the policy you want to use, such as All Users Low Assurance Level.
      Tip:

      See your policy names in SecurID by going to Access > Policies.

      A screen shot of the Policies page in SecurID.
      Note:

      You can set this value dynamically by clicking {} and selecting a variable from another node in your flow.

  4. (Optional) Customize the default Select Authentication Method interface.
    A screen capture of the select authentication method interface.
    1. On the flow canvas, select the User Verification (SecurID) node.
    2. On the Select Authentication tab, modify the HTML Template, CSS, and Script fields.
      Tip:
      • Click Switch View to see the HTML formatted with syntax highlighting.
      • Click the Maximize icon to give yourself more room to work.
      • To access a variety of useful tools, right-click the field when you're in syntax highlighting mode (dark background).
  5. (Optional) Customize the default SecurID Token Code interface on the SecurID Token Code tab.
    A screen capture of the default SecurID token code input interface.
  6. (Optional) Customize the default Emergency Access Token Code interface on the Emergency Access Token Code tab.
    A screen capture of the default emergency access token code input interface.
  7. (Optional) Customize the default Check Your Device interface.
    A screen capture of the Check Your Device interface.
    1. On the flow canvas, select the Check Your Device node.
    2. Modify the Message Title, Message, and other fields.
  8. Test the flow by clicking Save, Deploy, and Try Flow.

Capabilities

Multi-Factor Authentication (MFA)

Get the user's authentication methods and start the authentication process.

Properties
User Identifier textField

The unique identifier for the user, such as an email, account name, or user ID.

Assurance Policy Name textField

The name of your SecurID policy, such as "All Users Low Assurance Level".

Keep Record toggleSwitch

When enabled, SecurID keeps a record of each completed transaction.

Authentication Attempt Timeout textField

A number in seconds representing how long the server will keep the authentication attempt ID available after each call. During this time it is possible to make other calls using the "authnAttemptId". The server may reject initialization requests if the value provided is beyond the allowable maximum. Defaults to a server-defined session lifetime. Optional.

Input Schema
default object
  subjectName string required
  assurancePolicyId string required
  apiUrl string required
  clientKey string required
Output Schema
output object
  headers object
    properties object
      vary string
      cache-control string
      content-type string
      strict-transport-security string
      date string
      keep-alive string
      expires string
      x-xss-protection string
      pragma string
      transfer-encoding string
      x-content-type-options string
      connection string
      x-frame-options string
  status integer
  data object
    properties object
      context object
        properties object
          authnAttemptId string
          messageId string
          inResponseTo string
      credentialValidationResults array
        items array
          0 object
            properties object
              methodId string
              methodResponseCode string
              methodReasonCode string
              authnAttributes array
      attemptResponseCode string
      attemptReasonCode string
      challengeMethods object
        properties object
          challenges array
            items array
              0 object
                properties object
                  methodSetId string
                  requiredMethods array
                    items array
                      0 object
                        properties object
                          methodId string
                          displayName string
                          priority integer
                          versions array
                            items array
                              0 object
                                properties object
                                  versionId string
                                  methodAttributes array
                                    items array
                                      0 object
                                        properties object
                                          name string
                                          value string
                                          dataType string
                                  valueRequired boolean
                                  referenceId null
                                  prompt object
                                    properties object
                                      promptResourceId string
                                      defaultText string
                                      formatRegex null
                                      defaultValue null
                                      valueBeingDefined boolean
                                      sensitive boolean
                                      minLength null
                                      maxLength null
                                      promptArgs array

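
The following is an added example, not part of the connector or of Ping Identity's or RSA's code. It shows how a custom script could turn the output schema above into entries for the Select Authentication Method interface: it fails closed on a malformed response, masks prompts flagged "sensitive", and routes methods that need no user input to the polling loop. The sample response values, the helper name listMethods, and the reading of valueRequired and priority are assumptions.

```javascript
// Added example. Field names follow the Output Schema above; every sample
// value (IDs, method names, prompt text) is constructed for illustration.
const sampleOutput = {
  status: 200,
  data: {
    context: { authnAttemptId: "attempt-0001", messageId: "msg-0001", inResponseTo: "req-0001" },
    challengeMethods: { challenges: [{
      methodSetId: "set-1",
      requiredMethods: [
        { methodId: "APPROVE", displayName: "Approve", priority: 2, versions: [
          { versionId: "1.0.0", valueRequired: false,
            prompt: { defaultText: "Check your device", sensitive: false } }] },
        { methodId: "SECURID", displayName: "SecurID Token", priority: 1, versions: [
          { versionId: "1.0.0", valueRequired: true,
            prompt: { defaultText: "Enter tokencode", sensitive: true } }] },
      ],
    }] },
  },
};

// Flatten challenges -> requiredMethods -> versions into menu entries.
function listMethods(output) {
  const challenges = output?.data?.challengeMethods?.challenges;
  // Without an attempt ID or a challenge list there is nothing safe to render.
  if (!output?.data?.context?.authnAttemptId || !Array.isArray(challenges)) {
    throw new Error("malformed SecurID response: failing closed");
  }
  const methods = [];
  for (const challenge of challenges) {
    for (const m of challenge.requiredMethods ?? []) {
      const v = (m.versions ?? [])[0];
      if (!m.methodId || !v) continue; // skip entries the UI cannot act on
      methods.push({
        methodSetId: challenge.methodSetId,
        methodId: m.methodId,
        label: m.displayName || m.methodId,
        priority: m.priority ?? Number.MAX_SAFE_INTEGER,
        // Assumption: valueRequired=false means the method completes on the
        // user's device, so the flow should go to the polling loop.
        next: v.valueRequired ? "prompt" : "poll",
        // Mask the input field whenever the prompt is flagged sensitive.
        inputType: v.prompt?.sensitive ? "password" : "text",
        promptText: v.prompt?.defaultText ?? "",
      });
    }
  }
  // Assumption: a lower priority number should be listed first.
  return methods.sort((a, b) => a.priority - b.priority);
}
```
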
User Verification

Prompt the user to select a method and complete the authentication process.

Input Schema
default object
  apiUrl string required
  clientKey string required
Output Schema
output object
  challenge string
  headers object
    properties object
      vary string
      cache-control string
      content-type string
      strict-transport-security string
      date string
      keep-alive string
      expires string
      x-xss-protection string
      pragma string
      transfer-encoding string
      x-content-type-options string
      connection string
      x-frame-options string
  status integer
  data object
    properties object
      context object
        properties object
          authnAttemptId string
          messageId string
          inResponseTo string
      credentialValidationResults array
        items array
          0 object
            properties object
              methodId string
              methodResponseCode string
              methodReasonCode string
              authnAttributes array
      attemptResponseCode string
      attemptReasonCode string
      challengeMethods object
        properties object
          challenges array
            items array
              0 object
                properties object
                  methodSetId string
                  requiredMethods array
                    items array
                      0 object
                        properties object
                          methodId string
                          displayName string
                          priority integer
                          versions array
                            items array
                              0 object
                                properties object
                                  versionId string
                                  methodAttributes array
                                    items array
                                      0 object
                                        properties object
                                          name string
                                          value string
                                          dataType string
                                  valueRequired boolean
                                  referenceId null
                                  prompt object
                                    properties object
                                      promptResourceId string
                                      defaultText string
                                      formatRegex null
                                      defaultValue null
                                      valueBeingDefined boolean
                                      sensitive boolean
                                      minLength null
                                      maxLength null
                                      promptArgs array

Verify Polling

Use this to poll SecurID until the authentication challenge is complete.

Input Schema
default object
  apiUrl string required
  clientKey string required
Output Schema
output object
  result string