rsa adaptive authentication (on-premise) 7.0 product

RSA® Adaptive Authentication (On-Premise) 7.0

Product Overview Guide

Copyright © 2012 EMC Corporation. All Rights Reserved. Published in the USA.September 2012

Contact Information

Go to the RSA corporate website for regional Customer Support telephone and fax numbers:www.emc.com/domains/rsa/index.htm

Trademarks

RSA, the RSA Logo, eFraudNetwork, BSAFE and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other trademarks used herein are the property of their respective owners. For a list of EMC trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm#rsa.

License agreement

This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person.

No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.

This software is subject to change without notice and should not be construed as a commitment by EMC.

Note on encryption technologies

This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption technologies, and current use, import, and export regulations should be followed when using, importing or exporting this product.

Distribution

Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.

EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.

THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS IS.” EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

www.rsa.com

Contents 3

RSA Adaptive Authentication (On-Premise) 7.0 Product Overview Guide

Contents

Preface................................................................................................................................... 5About This Guide................................................................................................................ 5

Support and Service ............................................................................................................ 5

Before You Call Customer Support............................................................................. 5

Chapter 1: Introduction to RSA Adaptive Authentication (On-Premise)................................................................................................................................ 7

Components of RSA Adaptive Authentication (On-Premise) ............................................ 8

End-User Flow within RSA Adaptive Authentication........................................................ 9

Chapter 2: RSA Adaptive Authentication System Overview ..............11Architectural Overview..................................................................................................... 12

RSA Risk Engine .............................................................................................................. 12

Policy Management........................................................................................................... 14

RSA eFraudNetwork Service............................................................................................ 15

RSA Central ...................................................................................................................... 15

External Data Provider Services ....................................................................................... 15

GeoIP Service ............................................................................................................ 15

Channel Determination Service ................................................................................. 15

Scheduler........................................................................................................................... 15

Back Office Applications.................................................................................................. 16

Access Management .................................................................................................. 16

Administration Console ............................................................................................. 16

Case Management...................................................................................................... 16

Customer Service ....................................................................................................... 16

Policy Management ................................................................................................... 17

Report Viewer............................................................................................................ 17

Case Management API...................................................................................................... 17

Network Integration .......................................................................................................... 18

RSA Adaptive Authentication Utilities............................................................................. 19

Batch Loader.............................................................................................................. 20

GeoIP Data Download ............................................................................................... 20

Aggregator Token Generator ..................................................................................... 20

Configuration Framework Utilities............................................................................ 20

RSA eFraudNetwork Agent Utility ........................................................................... 21

Encryption.................................................................................................................. 21

Diagnostics Manager ................................................................................................. 21

HealthCheckServlet ................................................................................................... 21

Log Manager Servlet ................................................................................................. 21

FIPS 140-2 Compliance .................................................................................................... 22

Chapter 3: High-Level Deployment Tasks..................................................... 23

Chapter 4: Documentation Set Overview ...................................................... 25

Preface 5


Preface

About This Guide

This guide introduces RSA® Adaptive Authentication (On-Premise) 7.0. It is intended to provide a high-level introduction to the product and its documentation set.

For more information about the complete RSA Adaptive Authentication (On-Premise) 7.0 documentation set, see Chapter 4, “Documentation Set Overview.”

Support and Service

RSA SecurCare Online offers a knowledgebase that contains answers to common questions and solutions to known problems. It also offers information on new releases, important technical news, and software downloads.

The RSA Solution Gallery provides information about third-party hardware and software products that have been certified to work with RSA products. The gallery includes Secured by RSA Implementation Guides with step-by-step instructions and other information about interoperation of RSA products with these third-party products.

Before You Call Customer Support

Make sure that you have direct access to the computer running the Adaptive Authentication (On-Premise) software.

Please have the following information available when you call:

Your RSA Customer/License ID.

Adaptive Authentication (On-Premise) software version number.

The make and model of the machine on which the problem occurs.

The name and version of the operating system under which the problem occurs.

RSA SecurCare® Online https://knowledge.rsasecurity.com

Customer Support Information www.emc.com/support/rsa/index.htm

RSA Solution Gallery https://gallery.emc.com/community/marketplace/rsa?view=overview

https://knowledge.rsasecurity.com

www.emc.com/support/rsa/index.htm

www.rsasecured.com

https://gallery.emc.com/community/marketplace/rsa?view=overview

1: Introduction to RSA Adaptive Authentication (On-Premise) 7


1 Introduction to RSA Adaptive Authentication (On-Premise)

RSA Adaptive Authentication (On-Premise) is designed to be a comprehensive authentication and fraud detection system helping to provide cost-effective protection for an entire user base. Adaptive Authentication can help secure online portals, SSL VPNs, and web access management portals for many different types of organizations in the healthcare, insurance, enterprise, government, financial services, and other industries. For more information about potential uses cases, see “High-Level Deployment Tasks” on page 23.

Adaptive Authentication (On-Premise) is powered by risk-based authentication (RBA), a risk assessment and authentication technology that operates transparently and classifies all users by measuring a series of risk indicators. This transparent authentication is designed to provide a convenient online experience for the majority of users. Users are only challenged when suspicious activities are identified and an organizational policy is violated.

8 1: Introduction to RSA Adaptive Authentication (On-Premise)


Components of RSA Adaptive Authentication (On-Premise)

The following figure shows the components of the RSA Adaptive Authentication (On-Premise) system.

The various components in the Adaptive Authentication (On-Premise) system are:

RSA® Risk Engine. Self-learning engine that evaluates each online activity in real time, tracking over 100 indicators to help detect fraudulent activity or intrusion. The Risk Engine generates a risk score between 0 and 1000 for each activity. The higher the risk score or level, the greater the likelihood that an activity is fraudulent.

RSA eFraudNetwork ™ service. Collaboration of organizations, ISPs, and other partners that share a data repository of suspicious identifiers with RSA. When fraud is identified, fraud data, activity profiles, IP addresses, and information about Device Fingerprints and payee (mule) accounts are moved to a shared data repository.

Authentication Methods. Extra authentication methods that can be used in addition to standard logon credentials. These additional methods include challenge questions, knowledge-based authentication (KBA), one-time password (OTP), out-of-band phone, out-of-band SMS, and out-of-band email. Additionally, the RSA multi-credential framework (MCF) allows organizations to integrate authentication methods that are developed in-house or by a third-party.

Back Office eFraudNetworkAdaptive

Authentication

Risk Engine

AuthenticationMethods

1: Introduction to RSA Adaptive Authentication (On-Premise) 9


Back Office. Web-based Back Office applications used to manage and administer the Adaptive Authentication (On-Premise) system.

For more information about each component, see Chapter 2, “RSA Adaptive Authentication System Overview.”

End-User Flow within RSA Adaptive Authentication

The following figure shows the secured end-user flow within RSA Adaptive Authentication.

As shown in the preceding figure (from left to right), the following stages occur within the flow:

1. The end user enters an application protected by Adaptive Authentication. End users can include employees, customers, contractors, partners, administrators, and any other members of organizations who have access to an application secured by Adaptive Authentication. Adaptive Authentication provides protection for the end user who enters an application using one of the following:

• Website or portal.

• SSL VPN application—An organization uses an SSL VPN to provide employees and partners with remote access to its network inside a firewall.

• Web access management application (WAM)—An organization uses a WAM application to secure access to web-enabled applications and resources.

• Mobile applications and mobile browsers.

10 1: Introduction to RSA Adaptive Authentication (On-Premise)


• ATM device—For information about the ATM Protection Module, see “ATM Protection Module” on page 13.

2. End-user activities are profiled. When an end user uses one of the protected entry methods, activity details are gathered by the RSA Risk Engine for risk assessment and authentication. Behavioral profiles, device profiles, and RSA eFraudNetwork input are correlated into end-user profiles by the Risk Engine.

3. Risk assessment of the end user is performed behind the scenes. Adaptive Authentication is powered by risk-based authentication technology that conducts a behind the scenes risk assessment of all end users. Transparent authentication helps organizations to increase security without compromising user convenience. A unique risk score is assigned to each activity, and users are only challenged when an activity is identified as high-risk or an organizational policy is violated. Based on the risk scores and other factors, the Policy Management application creates policies and rules regarding end-user activities. Events and activities that are suspected or confirmed fraudulent activities are flagged by the system.

4. Authentication methods are applied. Non-flagged activities are invisibly authenticated while flagged activities lead to further monitoring and tracking, as well as the use of additional authentication methods including challenge questions, knowledge-based authentication (KBA), one-time password (OTP), out-of-band phone, out-of-band SMS, out-of-band email, or client-defined authentication methods using the multi-credential framework.

5. Authentication results determine continuation of end-user activity and contribute to Risk Engine assessments.End-user activity can continue, pass, or fail depending on the success of authentication. Failed authentication data is fed back to the Risk Engine, as is data gathered during case management. This data collection contributes to the ever-increasing relevance and accuracy of Risk Engine assessments.

2: RSA Adaptive Authentication System Overview 11


2 RSA Adaptive Authentication System Overview

• Architectural Overview

• RSA Risk Engine

• Policy Management

• RSA eFraudNetwork Service

• RSA Central

• External Data Provider Services

• Scheduler

• Back Office Applications

• Case Management API

• Network Integration

• RSA Adaptive Authentication Utilities

• FIPS 140-2 Compliance

This chapter provides an architectural overview of the RSA Adaptive Authentication (On-Premise) system.

12 2: RSA Adaptive Authentication System Overview


Architectural Overview

The following figure shows the RSA Adaptive Authentication (On-Premise) system components and how the components interact with each other. The Adaptive Authentication system is made up of various types of components including databases, applications, utilities, and agents. Outputs include logs, reports, and data sent to RSA Central and the RSA eFraudNetwork service.

RSA Risk Engine

The RSA Adaptive Authentication (On-Premise) system uses the RSA Risk Engine to help detect fraud and other forms of suspicious behavior in logon and transaction events. Your online application sends a request for authentication (or risk analysis) to the Adaptive Authentication system and Adaptive Authentication returns the results of the risk assessment along with a recommended action.

The Risk Engine detects fraud using several methodologies:

Positive device identification. Through the use of a cookie or Flash shared object (FSO), your system binds a user to a device. The device binding helps identify the user as a valid user of your online application. Users who are not bound are more likely to be challenged than authenticated, depending on the defined policy.

Risk-based methods. The Risk Engine is trained over time in the deployment environment. The Risk Engine takes feedback from the Case Management application and authentication methods.



Information Sources

The RSA Risk Engine takes information from a variety of sources, including from your online application, and performs a risk analysis to determine how much risk an event might contain. This information (also known as facts) includes the following:

• Client machine information, such as the system language, screen resolution, and time zone.

• Browser information, such as cookies, browser language, user agent string, and HTTP header information.

• IP information, such as that which determines where an IP address is located, the number of users seen on an IP address, and device profile (velocity).

• User device history information, such as whether Adaptive Authentication has seen the device before and whether the user's browser information changed.

• User profile and behavior, such as the number of days after the last user logon and the number of days after a password change.

• Transaction information, such as specific user data, time, and payment information.

• Information about a user’s current DOM (Document Object Model) elements for a specific HTML page, such as fields, JavaScript function names, and frames on the page, used for the HTML Injection Protection feature.

• Browser events that occur on an HTML page, such as keyboard strokes and mouse movements, used for the Man vs. Machine Detection feature.

• DevicePrint latency (ping time) information, such as the time taken to reach the end user’s local host and the end user’s external IP address, used for the Proxy Attack Protection feature.

• Information about the location of the end user mobile device, such as longitude, latitude, altitude, and speed, used for the Mobile Location Awareness feature.

ATM Protection Module

The ATM Protection Module uses detailed information about ATM-specific activities to help detect fraudulent events.

The ATM Protection Module is designed to monitor ATM-specific activities by collecting information about the end-user account, the current transaction, and the location and type of ATM device. This information is passed to the RSA Risk Engine. Based on the collected information, Adaptive Authentication assesses the risk associated with the transaction and creates a case in Case Management accordingly. To monitor these activities, new facts have been defined for creating policy rules in the Policy Management application. The Case Management application is updated to display ATM-related information.

The ATM activity details can be sent to Adaptive Authentication either via the API or via the Batch Loader utility to process bulk information about ATM activities. For more information about the Batch Loader utility, see the Operations Guide.

For more information about the ATM Protection Module, see the Workflows and Processes Guide.



Policy Management

The Policy Management component determines what to do about potentially risky events, based on the risk analysis. The Policy Management component is configured by adapting the RSA Adaptive Authentication default policies to your existing business policies.

The Policy Management component takes the information from the Risk Engine and recommends what actions need to be taken for that given event. Adaptive Authentication returns the recommended actions to your application. Actions may include the following:

Allow. Allows the user to access your online system (logon) or continue with the transaction (transaction analysis or transaction monitoring).

Challenge. Challenges the user by requesting additional authentication, by way of challenge questions or out-of-band authentication.

Deny. Denies the user access to your system (logon) or denies the transaction event.

Review. Flags the event for review through Case Management by a fraud analyst. This action can be a supplemental recommendation to other action types. After the fraud analyst completes the review, the final result is sent to the Risk Engine to improve its learning ability and fraud detection rate.

The following figure shows the interaction between the Risk Engine and the Policy Management component.



RSA eFraudNetwork Service

The RSA eFraud Network service is a collaboration of organizations, ISPs, and feeding partners that share a data repository of suspicious identifiers with RSA.

RSA Central

RSA provides a centralized service called RSA Central that helps you access and provide log files to RSA and pull information from reports and GeoIP data. The service is specifically designed for receiving log files from sources, such as the RSA Adaptive Authentication system, and for allowing you to retrieve and view reports through the Report Viewer application. Reports are available as PDF and CSV files.

External Data Provider Services

The Adaptive Authentication system enables dynamic update of the device definition file in the device type detector component.

The following topics describe the external data providers. For more information, see the Operations Guide.

GeoIP Service

The geographic IP location information (GeoIP) files used by the Adaptive Authentication system need to be updated over time as IP addresses are moved to different locations or ISPs.

Channel Determination Service

RSA provides updated Mobile Detection files through your reporting account. These files can be accessed by any of the supported mechanisms for downloading reports, such as rsync over SSH, SFTP, or HTTPS. You can download the latest Mobile Detection files from RSA Central. For more information, see the chapter “Updating Mobile Detection Information” in the Operations Guide.

Scheduler

Keeping the Adaptive Authentication system in operational mode requires running maintenance, monitoring, and database-related tasks. The Scheduler allows you to schedule and manage all of these tasks using a single console. You can specify the tasks to run and the configuration parameters for that run.

The Scheduler generates log files on a daily basis for troubleshooting system operation.

For information about how to configure scheduled tasks in the Adaptive Authentication system, see the topic “Scheduler Operation” in the Operations Guide.



Back Office Applications

The Back Office applications are a set of web-based applications that enable operators in your organization to interact with the Adaptive Authentication system. The Back Office applications have a dedicated database, which is separate from the Core Database. The Back Office applications are:

• Access Management

• Administration Console

• Case Management

• Customer Service

• Policy Management

• Report Viewer

Access Management

The Access Management application allows you to create users for personnel within your organization. It also allows you to manage user roles and permissions for the different Back Office applications.

If your organization manages its users with an external identity store, such as an LDAP directory or Active Directory, you can grant access to Adaptive Authentication (On-Premise) through the external identity framework. For more information about access for these users, see the chapter “Managing Access to the Back Office Applications” in the Back Office User’s Guide.

Administration Console

The Administration Console application allows you to manage system configuration parameters. You use the Administration Console application to modify and maintain parameter values according to your Adaptive Authentication implementation, business requirements, and system setup.

Case Management

The Case Management application is used to review events that are flagged as high-risk by the Adaptive Authentication system and require a fraud analyst’s review.

Events are flagged for review by Adaptive Authentication and the Case Management application pulls these events into its dedicated database. Fraud analysts review the events and provide resolution. Using web services calls, the flagged events and the resolutions are updated in the Core Database.

Customer Service

The Customer Service application allows customer service representatives to search for and modify user account information and help your end users with online account troubleshooting.

In addition, the Customer Service application provides user activity logs that customer service representatives can monitor.



Policy Management

The Policy Management application allows you to define your organization’s policy by which the Adaptive Authentication system detects and acts upon a high-risk event. For security reasons, RSA recommends that you verify and test the policy set before implementing policies in the Adaptive Authentication system. For more information, see the chapter “Managing Policies” in the Back Office User’s Guide.

Report Viewer

The RSA Risk Engine produces forensic log files. Based on these log files, RSA Central provides reports for your organization regarding your forensic activity.

With the Report Viewer application, you can view daily, weekly, and monthly reports created by RSA Central. Reports from RSA Central are synchronized with the Report Viewer application for accurate reading of the files.

Case Management API

The Case Management API is the extension of Adaptive Authentication (On-Premise) Case Management capabilities that allows you to share information with your external case management system. It provides your organization with the flexibility to more accurately influence event resolution for suspected or confirmed fraudulent activities.

This added capability enables your organization to extract cases and activities (events) from the Case Management application as well as provide feedback concerning the resolutions of these cases and activities. For more information about the relationship between cases and events within the Case Management application, see the Back Office User’s Guide.The Case Management API service provides the methods to extract data about events and cases. The extraction process uses filters for more specific data retrieval results. This service also includes methods to update the resolution information on events as well as the case statuses for specific cases, as needed. For more information about Case Management API, see the Web Services API Reference Guide.



Network Integration

The following high-level diagram shows the recommended network deployment for Adaptive Authentication. The diagram reflects the following business flow:

• A user connects to a customer website from the Internet zone.

• A customer website located in the demilitarized zone (DMZ) collects information from the user and passes it to the Adaptive Authentication system in the Application Tier.

• The Adaptive Authentication system manages the information and returns a risk score along with a policy-based action.

• The Adaptive Authentication system uses the Core Database, located in the Organizational Data Tier, for storage of operational data.



RSA Adaptive Authentication Utilities

Adaptive Authentication provides several utilities that system administrators can use to configure, manage, and operate the Adaptive Authentication system. There are operational, testing, diagnostic, and troubleshooting utilities.

The Adaptive Authentication utilities include:

• Operational utilities:

– Batch Loader

– GeoIP data download

– Aggregator Token Generator

– Configuration Framework utilities

– eFraudNetwork agent (optional)

– Encryption utility

• Diagnostic and troubleshooting utilities:

– Diagnostics Manager

– HealthCheckServlet

– Log Manager Servlet

The following figure shows the high-level interaction of utilities with the Adaptive Authentication system.



Batch Loader

The Batch Loader utility is a command-line tool for loading historical customer data into the Core Database for use in risk analysis. You can execute the Batch Loader utility in one of the following modes:

Risk Engine only. In this mode, the Batch Loader utility only loads data to the Risk Engine. It does not create users and devices. RSA recommends using this mode for increased efficiency and performance.

Full. In this mode, the Batch Loader utility loads Risk Engine data, user IDs, and device information. Full mode should only be used when device recognition and recovery is key to role authentication.

For more information about the Batch Loader utility, see the Operations Guide.

GeoIP Data Download

RSA provides geographic IP location information with your initial build. Over time, IP addresses are moved to different locations or ISPs. RSA periodically updates the existing GeoIP data and adds new entries.

RSA recommends that you update your GeoIP files every two months.

For more information about how to download GeoIP data, see the Operations Guide.

Aggregator Token Generator

RSA works with account aggregators to allow customers to use aggregators to access your online system. To allow an aggregator to access your online service, you must define the following items:

• A list of IP addresses associated with the aggregator

• A specific super token assigned to an aggregator to access the Adaptive Authentication system

The Aggregator Token Generator creates the super token for an aggregator. This super token is placed in your configuration files.

Configuration Framework Utilities

Adaptive Authentication provides several utilities for use within a Configuration Framework. The Configuration Framework utilities enable you to load configurations from the file system to the Core Database. The ConfigTool utility manages your configuration files before deployment or during maintenance.



RSA eFraudNetwork Agent Utility

The RSA Adaptive Authentication (On-Premise) system communicates with the RSA eFraudNetwork service through an eFraudNetwork agent. The eFraudNetwork agent allows you to update your system with high-risk IP addresses, Device Fingerprint information, and payee (mule) account information from the eFraudNetwork.

The eFraudNetwork agent receives updated fraudulent information by accessing the eFraudNetwork service through the HTTPS protocol. The Core Database is then populated with the updated information.

The information update can be either automatic or manual, according to your preference.

For more information about the eFraudNetwork agent utility, see the Operations Guide.

Encryption

The encryption feature is a mechanism that allows you to encrypt and decrypt sensitive data from the Adaptive Authentication system. The encryption process ensures that private, end-user details are protected from potential attacks. You can enable and disable the encryption feature by modifying the relevant configuration settings in the Administration Console. In addition, an encryption utility is provided to manage master key generation and rotation.

For more information about the encryption feature, see the chapter “Encrypting User Data” in the Operations Guide.

Diagnostics Manager

The Diagnostics Manager provides you with an automated process of analyzing issues that may occur during operation of your Adaptive Authentication system. The Diagnostics Manager collects data from your Adaptive Authentication system for analysis and ultimate issue resolution by RSA. This information is collected in the form of a ZIP file that you send to RSA Customer Support for analysis.

Note: The Diagnostics Manager is only for use with the guidance of an RSA representative.

HealthCheckServlet

The HealthCheckServlet performs an overall system health check and can assess a database connection status. The Adaptive Authentication system usually initiates the health check but system administrators can use the HealthCheckServlet to perform a manual check. This tool outputs its results to a log file and an HTML page that the system administrator can inspect to check for any problems.

Log Manager Servlet

The Log Manager Servlet manages existing log file settings. The servlet allows you to debug, set varying information levels, and manage your overall log settings.



FIPS 140-2 Compliance

The Adaptive Authentication system complies with FIPS 140-2 Level 1 using RSA BSAFE® 4.1. This strong encryption standard ensures a high level of security for database storage of user-sensitive data.

For details about FIPS 140-2 compliance, see the RSA BSAFE Crypto-J 4.1 Security Policy at http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1291.pdf.

3: High-Level Deployment Tasks 23


3 High-Level Deployment Tasks

Whether you are securing an online portal, a web access management (WAM) portal, or an SSL VPN, you perform the same high-levels tasks for deploying and maintaining the RSA Adaptive Authentication system. The following table outlines these high-level steps.

Task Who Performs Task Reference

1. Plan the Adaptive Authentication rollout. This might include the following:

• Determine the time and resources needed for each task.

• Define hardware and software requirements.

• Determine how Adaptive Authentication works with the business needs, for example, which workflows or processes to follow.

project manager • Best Practices for Challenge Questions

• Product Overview Guide• Release Notes• What's New• Workflows and Processes

Guide

2. Set up infrastructure. IT operator • Operations Guide• Performance Guide

3. Install Adaptive Authentication in test mode, and complete basic configuration of the product.

developer, database administrator

• Installation and Upgrade Guide

4. Configure Adaptive Authentication according to specifications identified by project manager. This might include the following:

• Prepare Adaptive Authentication according to specified parameters.

• Give access rights to Back Office administrators.

developer, IT operator, database administrator

• Back Office User’s Guide• Bait Credentials Setup and

Implementation Guide• Operations Guide

24 3: High-Level Deployment Tasks


For more information about the documentation set, see Chapter 4, “Documentation Set Overview.”

5. Integrate the secure application with Adaptive Authentication through the web services API or an integration adapter.

developer • Authentication Plug-In Developer’s Guide

• Integration Guide• Web Services API

Reference Guide• Adaptive Authentication

Adapter guides. See documentation on RSA SecurOnline at https://knowledge.rsasecurity.com/scolcms/sets.aspx?product=aa&_v=document

6. Educate end users and internal functional teams.

project manager or training specialist

• Product Overview GuideFor a description of each guide in the documentation set, see Chapter 4, “Documentation Set Overview.”

7. Customize the Adaptive Authentication policies to meet business needs, such as updating the policies so that 5 % of all customers must complete additional authentication.

Back Office user • Back Office User’s Guide

8. Maintain the stability of Adaptive Authentication.

IT operator or database administrator

• Operations Guide• Performance Guide

9. Set up Back Office applications for use on an ongoing basis. Customize the Adaptive Authentication configuration to meet business needs (updating policies) and reduce intrusion attempts (managing cases).

Back Office user • Back Office User’s Guide

Task Who Performs Task Reference

https://knowledge.rsasecurity.com/scolcms/sets.aspx?product=aa&_v=document

4: Documentation Set Overview 25


4 Documentation Set Overview

The RSA Adaptive Authentication (On-Premise) 7.0 documentation set is available as part of the product and on RSA SecurCare Online at https://knowledge.rsasecurity.com/scolcms/sets.aspx?product=onprem&_v=document.

The following table describes each document in the documentation set.

Document Name Filename Description

Authentication Plug-In Developer’s Guide

Authentication_Plug-In_DeveloperGuide.pdf Describes the Authentication Plug-In development process that enables external authentication providers to integrate their products with the Adaptive Authentication system.

Bait Credentials Setup and Implementation Guide

BaitSetup_ImplementationGuide.pdf Describes how to set up and implement RSA bait credentials, which help provide customers with accelerated fraud detection and prevention capabilities.

Integration Guide IntegrationGuide.pdf Describes how to integrate and deploy Adaptive Authentication (On-Premise).

Operations Guide OperationsGuide.pdf Provides information on how to administer and operate Adaptive Authentication (On-Premise) after upgrade. This guide also describes how to configure Adaptive Authentication (On-Premise) within the Configuration Framework in the Operations Guide.

Performance Guide PerformanceGuide.pdf Provides performance test results for RSA Adaptive Authentication (On-Premise) 7.0.

Back Office User’s Guide

BackOffice_UserGuide.pdf Provides an overview of the following Back Office applications: Policy Management, Case Management, Access Management, Customer Service, and the Report Viewer.

https://knowledge.rsasecurity.com/scolcms/sets.aspx?product=onprem&_v=document

https://knowledge.rsasecurity.com/scolcms/sets.aspx?product=onprem&_v=document

26 4: Documentation Set Overview


Product Overview Guide

ProductOverview.pdf Provides a high-level overview of RSA Adaptive Authentication (On-Premise) 7.0, including system architecture and details about the documentation set.

Release Notes ReleaseNotes.pdf Release notes for RSA Adaptive Authentication (On-Premise) 7.0, which describes known and addressed issues in the release, as well as other important information.

Installation and Upgrade Guide

Installation_UpgradeGuide.pdf Provides information on how to install RSA Adaptive Authentication (On-Premise) 7.0. The guide also describes how to upgrade to RSA Adaptive Authentication (On-Premise) 7.0 from RSA Adaptive Authentication (On-Premise) 6.0.2.1 SP2, 6.0.2.1 SP3, and 6.0.2.1 SP3 P1.

Web Services API Reference Guide

WebServices_API_ReferenceGuide.pdf Describes Adaptive Authentication API Web Service methods and parameters. This document covers the Web Services, AdminServices, ImageService, and Authentication Plug-In Service for Adaptive Authentication (On-Premise). It describes the overall business workflows, the methods, and the data elements for each method.

What's New What'sNew.pdf Highlights new features and enhancements in RSA Adaptive Authentication (On-Premise) 7.0.

Workflows and Processes Guide

WorkflowsProcesses_Guide.pdf Describes the workflows and processes that allow end users to interact with your system and that allow you to interact with the Adaptive Authentication (On-Premise) system.

Best Practices for Challenge Questions

BestPractices_ChallengeQuestions.pdf Describes the best practices related to challenge questions that RSA has evolved through experience at multiple deployments.


4: Documentation Set Overview 27


Security Best Practices Guide

Security_Best_Practices_Guide.pdf Provides recommendations for configuring your network and Adaptive Authentication (On-Premise) securely.


rsa adaptive authentication (on-premise) 7.0 product

Documents