Setup Guide
Table Of Contents
- 1 Introduction
- 2 iDRAC9 Configuration for RSA SecurID
- 3 RSA SecurID 2FA with Local Users
- 4 RSA SecurID 2FA with Active Directory Users
- 5 RSA SecurID 2FA with Generic LDAP Directory Users
- 6 Troubleshooting RSA SecurID Issues
- 6.1 Misconfiguration or iDRAC Configuration Gets Reset
- 6.2 Datacenter License Expires or Gets Downgraded or Deleted
- 6.3 Authentication Failures without being Prompted for RSA Passcode
- 6.4 Authentication failures with Correct RSA Passcode
- 6.5 Authentication Failures with Correct RSA Passcode due to Timeout
- 6.6 RSA Configuration gets lost after importing Server Configuration Profile
- Appendix A: Configure iDRAC Using RACADM
- Appendix B: References
Introduction
ID 450
1 Introduction
Enabling iDRAC9 to use RSA SecurID 2FA is relatively easy and straight-forward. This white paper provides
detailed instructions on how to enable it for local users and AD/LDAP users. It also covers some common
issues that you may run into, and how to quickly troubleshoot them.
In iDRAC9, RSA 2FA enablement requires some global configuration, and per user configuration (only
applies to iDRAC local users). This paper shows how to configure RSA SecurID 2FA from iDRAC UI.
Administrators can configure it with RACADM commands as well. For more information see the iDRAC
RACADM User Guide at dell.com/idracmanuals.
1.1 RSA SecurID 2FA license requirement
iDRAC9 Datacenter license is required to enable this feature.
1.2 Test Environment
The test environment includes the following entities:
iDRAC9 version 4.40.00.00 or later
iDRAC9 Datacenter license
RSA AM server 8.4
Microsoft Active Directory Server – see the RSA AM documentation for supported versions
OpenLDAP 2.4.44
1.3 Before You Begin
Before you begin to configure iDRAC9 to enable RSA SecurID, you must have:
Working knowledge to configure RSA AM server, or you must work with RSA AM server administrator in
order to enable RSA SecurID on iDRAC.
You must have a Microsoft Active Directory server properly configured.
If you are trying to enable RSA SecurID on all AD users, add the AD server to the RSA AM server as an
Identity Source.
You must have a generic LDAP server (OpenLDAP 2.4.40 or later required by RSA AM 8.4),
For LDAP users, the Identity Source to the LDAP server must be added in RSA AM server.