SecurID Connector
The SecurID connector lets you use RSA SecurID for multi-factor authentication (MFA) in your PingOne DaVinci flow.
Setup
Resources
For information and setup help, see the following:
-
SecurID documentation
-
DaVinci documentation:
Configuring the SecurID connector
Add the connector in DaVinci as shown in Adding a connector, then configure it as follows.
Connector configuration
SecurID Authentication API REST URL
Your authentication API URL, such as https://company.auth.securid.com. For help getting your URL, see Copy the SecurID Authentication API REST URL.
Client Key
Your SecurID authentication client key, such as vowc450ahs6nry66vok0pvaizwnfr43ewsqcm7tz. To get a client key, see Add a SecurID Authentication API Key.
Using the connector in a flow
Authenticating users
This flow allows a user to authenticate with SecurID. It asks the user to enter their user ID in an HTML form, prompts them to select and complete a SecurID authentication method, then shows the results on an HTML page.
Because some authentication methods are completed on the user’s mobile device, the flow includes a loop that polls SecurID until the authentication challenge is complete.
-
Download the SecurID - MFA flow template. For help, see Using DaVinci flow templates.
-
(Optional) Customize the sign on form.
-
On the flow canvas, select the Sign On node.
-
In the Fields List, customize the Display Name to help your users enter their identifier correctly, depending on whether your organization uses a name, ID, or email address.
The ID entered must match a user in one of the identity sources you have configured in SecurID. For more information, see Identity Sources for the Cloud Authentication Service.
-
-
(Optional) Customize the assurance policy:
-
On the flow canvas, select the Multi-Factor Authentication (SecurID) node.
-
In the Assurance Policy Name field, enter the policy you want to use, such as
All Users Low Assurance Level.See your policy names in SecurID by going to Access → Policies.
You can set this value dynamically by clicking {} and selecting a variable from another node in your flow.
-
-
(Optional) Customize the default Select Authentication Method interface.
-
On the flow canvas, select the User Verification (SecurID) node.
-
On the Select Authentication tab, modify the HTML Template, CSS, and Script fields.
-
Click Switch View to see the HTML formatted with syntax highlighting.
-
Click the Maximize() icon to give yourself more room to work.
-
To access a variety of useful tools, right-click the field when you’re in syntax highlighting mode (dark background).
-
-
-
(Optional) Customize the default SecurID Token Code interface on the SecurID Token Code tab.
-
(Optional) Customize the default Emergency Access Token Code interface on the Emergency Access Token Code tab.
-
(Optional) Customize the default Check Your Device interface.
-
On the flow canvas, select the Check Your Device node.
-
Modify the Message Title, Message, and other fields.
-
-
Test the flow by clicking Save, Deploy, and Try Flow.
Capabilities
Multi-Factor Authentication (MFA)
Get the user’s authentication methods and start the authentication process.
Show details
-
Properties
-
Input Schema
-
Output Schema
- User Identifier textField
-
The unique identifier for the user, such as an email, account name, user ID.
- Assurance Policy Name textField
-
The name of your SecurID policy, such as "All Users Low Assurance Level".
- Keep Record toggleSwitch
-
When enabled, SecurID keeps a record of each completed transaction.
- Authentication Attempt Timeout textField
-
A number in seconds representing how long the server will keep the authentication attempt ID available after each call. During this time is is possible to make other calls using the "authnAttemptId". The server may reject initialization requests if the value provided is beyond the allowable maximum. Defaults to a server-defined session lifetime. Optional.
-
default object
-
properties object
-
subjectName string required
-
assurancePolicyId string required
-
apiUrl string required
-
clientKey string required
-
-
-
output object
-
headers object
-
vary string
-
cache-control string
-
content-type string
-
strict-transport-security string
-
date string
-
keep-alive string
-
expires string
-
x-xss-protection string
-
pragma string
-
transfer-encoding string
-
x-content-type-options string
-
connection string
-
x-frame-options string
-
-
status integer
-
data object
-
context object
-
authnAttemptId string
-
messageId string
-
inResponseTo string
-
-
credentialValidationResults array
-
Array Item Schema object
-
methodId string
-
methodResponseCode string
-
methodReasonCode string
-
authnAttributes array
-
-
-
attemptResponseCode string
-
attemptReasonCode string
-
challengeMethods object
-
challenges array
-
Array Item Schema object
-
methodSetId string
-
requiredMethods array
-
Array Item Schema object
-
methodId string
-
displayName string
-
priority integer
-
versions array
-
Array Item Schema object
-
versionId string
-
methodAttributes array
-
Array Item Schema object
-
name string
-
value string
-
dataType string
-
-
-
valueRequired boolean
-
referenceId null
-
prompt object
-
promptResourceId string
-
defaultText string
-
formatRegex null
-
defaultValue null
-
valueBeingDefined boolean
-
sensitive boolean
-
minLength null
-
maxLength null
-
promptArgs array
-
-
-
-
-
-
-
-
-
-
User Verification
Prompt the user to select a method and complete the authentication process.
Show details
-
Properties
-
Input Schema
-
Output Schema
-
default object
-
properties object
-
apiUrl string required
-
clientKey string required
-
-
-
output object
-
challenge string
-
headers object
-
vary string
-
cache-control string
-
content-type string
-
strict-transport-security string
-
date string
-
keep-alive string
-
expires string
-
x-xss-protection string
-
pragma string
-
transfer-encoding string
-
x-content-type-options string
-
connection string
-
x-frame-options string
-
-
status integer
-
data object
-
context object
-
authnAttemptId string
-
messageId string
-
inResponseTo string
-
-
credentialValidationResults array
-
Array Item Schema object
-
methodId string
-
methodResponseCode string
-
methodReasonCode string
-
authnAttributes array
-
-
-
attemptResponseCode string
-
attemptReasonCode string
-
challengeMethods object
-
challenges array
-
Array Item Schema object
-
methodSetId string
-
requiredMethods array
-
Array Item Schema object
-
methodId string
-
displayName string
-
priority integer
-
versions array
-
Array Item Schema object
-
versionId string
-
methodAttributes array
-
Array Item Schema object
-
name string
-
value string
-
dataType string
-
-
-
valueRequired boolean
-
referenceId null
-
prompt object
-
promptResourceId string
-
defaultText string
-
formatRegex null
-
defaultValue null
-
valueBeingDefined boolean
-
sensitive boolean
-
minLength null
-
maxLength null
-
promptArgs array
-
-
-
-
-
-
-
-
-
-