Setup Guide
Table Of Contents
- 1 Introduction
- 2 iDRAC9 Configuration for RSA SecurID
- 3 RSA SecurID 2FA with Local Users
- 4 RSA SecurID 2FA with Active Directory Users
- 5 RSA SecurID 2FA with Generic LDAP Directory Users
- 6 Troubleshooting RSA SecurID Issues
- 6.1 Misconfiguration or iDRAC Configuration Gets Reset
- 6.2 Datacenter License Expires or Gets Downgraded or Deleted
- 6.3 Authentication Failures without being Prompted for RSA Passcode
- 6.4 Authentication failures with Correct RSA Passcode
- 6.5 Authentication Failures with Correct RSA Passcode due to Timeout
- 6.6 RSA Configuration gets lost after importing Server Configuration Profile
- Appendix A: Configure iDRAC Using RACADM
- Appendix B: References
RSA SecurID 2FA with Active Directory Users
ID 450
4 RSA SecurID 2FA with Active Directory Users
4.1 Enable RSA SecurID 2FA on Active Directory Users
Note: RSA SecurID 2FA can only be applied to all or none of the Active Directory (AD) users.
To enable or disable RSA SecurID 2FA on AD users, go to iDRAC UI. Then, follow the navigation menu from
iDRAC Settings -> Users -> Directory Services. From there, select Microsoft Active Directory and click
Edit button. On the second page of AD configuration, find the RSA SecurID State dropdown box that enables
or disables RSA SecurID 2FA on AD users.
Also, there is a link to view or edit RSA SecurID Configuration right below the dropdown box. Configuring
iDRAC to authenticate users using Active Directory is not in the scope of this document. For more information
see the white paper Integrate iDRAC with Microsoft’s Active Directory
.
RSA SecurID 2FA enablement on AD users
Notes: iDRAC uses UPN name to authenticate with RSA AM. In other words, the RSA AM server the AD
username must be mapped to UPN name (userPrincipalName) from default samAccountName. See RSA AM
documentation for details -
https://community.rsa.com/docs/DOC-46951.
4.2 Log in to iDRAC from UI with an AD User
To log in with AD user, you must use User Principal Name (UPN), and password.