Setup Guide
Table Of Contents
- 1 Introduction
- 2 iDRAC9 Configuration for RSA SecurID
- 3 RSA SecurID 2FA with Local Users
- 4 RSA SecurID 2FA with Active Directory Users
- 5 RSA SecurID 2FA with Generic LDAP Directory Users
- 6 Troubleshooting RSA SecurID Issues
- 6.1 Misconfiguration or iDRAC Configuration Gets Reset
- 6.2 Datacenter License Expires or Gets Downgraded or Deleted
- 6.3 Authentication Failures without being Prompted for RSA Passcode
- 6.4 Authentication failures with Correct RSA Passcode
- 6.5 Authentication Failures with Correct RSA Passcode due to Timeout
- 6.6 RSA Configuration gets lost after importing Server Configuration Profile
- Appendix A: Configure iDRAC Using RACADM
- Appendix B: References
RSA SecurID 2FA with Local Users
ID 450
Before logging into iDRAC, ensure that the same user exists in RSA AM internal database and a valid token
is assigned to the user. The token is then distributed to the expected recipient. As previously mentioned,
iDRAC only supports RSA 2FA on iDRAC GUI login and SSH login.
3.2 Log in to iDRAC from UI with an iDRAC Local User
First log in with user credentials configured in iDRAC.
Logging into iDRAC with RSA 2FA enabled local user
Next, the user is challenged with RSA SecurID. Type in the passcode from RSA SecurID Windows or Mobile
application. iDRAC allows a maximum of three attempts to enter the correct passcode. Entering three wrong
passcodes in a row, you will be locked out for 60 seconds. After lockout period ends, you must start over from
the local user authentication.
If you believe you entered the correct passcode and authentication still fails, then see the Troubleshooting
section.