Setting Up RSA SecurID

Share KeePass Passwords with your Team of multiple users

(Versions 7.4+)

Password Server supports authenticating using RSA SecurID as a Two-Factor Provider.

Currently this workflow can be configured using the same steps and same page as the RADIUS Provider.

Password Server Configuration

In Password Server itself, the configuration is simple.

  1. Go to Users and Roles -> Manage Policies -> Click the User Policy name, which policy contains the users you want to authenticate with RSA SecureID.
  2. In the Two Factor Policy section -> Click [Configure] by the RADIUS Provider.
  3. Using the details required by RSA SecurID, fill in the fields:
    • Set Enabled to True
    • Set "User Can Self-Enroll in this Provider"
    • Server Address
    • Server Port
    • Select an Authentication Protocol - enabled for RSA SecurID
    • Shared Secret
  4. Click Save.

Attach and Enroll Users

Additional Users can be attached to this policy by either:

  • Setting a Role policy: from Policies -> Set the Role Policy or Edit -> Set Policy
  • Setting a User's policy: From Manage Users -> Click User name -> Edit -> Change policy
  • Setting it as the Users' default Policy: From Policies -> Edit -> Global Settings -> Set the Default Policy

Disabled: Users attached to the policy will show as disabled, until they are enabled or enrolled or self-enrolled.

Enabling 2FA for a User

Two-Factor Authentication can also be enabled individually for all users you would like to authenticate using RSA SecurID tokens:

  1. Go to Users and Roles > Manage Users -> Click the User name you wish to enable RSA SecurID for.
  2. In the Two Factor Policy section -> Click [Configure] by the RADIUS Provider.
  3. Click the Enable button on that screen. The user will now be prompted for the RSA SecurID token each time they log in.
  4. If RSA SecurID needs to be disabled for a user, you can go back to the previous screen and a Disable button will be present instead of the Enable button.

User Configuration and Self-Enrollment

The prompt is the same: for user configuration setup, and subsequently, for each time they use 2FA:

  • "Please enter the one-time password or secret code."

Configuration error:

  • "RADIUS configuration failed. Please try again"

Token entry error:

  • "Invalid two-factor token. Please try again"