See my comments in-line.

@Era wrote:

Hello Everyone

I would like to deploy SSO for my user with SecureID tockens. Actually we have Active Directory infrastructure and I successfully configured SSO with Active Directory with GINA&Odyssey Client.

Help me please to clear following things :

1. It is really more secure to use SecureID for SSO on IC instead of Active Directory with passwords(high complexity and etc). Is it really impress my auditors on next ISO security audit.

Due to the simple fact that the token changes value every 60 seconds means that it is more secure vs using a relatively static password in AD. Also, since you have to have a PIN and the physical token to complete the authentication it also adds to the security.

2. How I can deploy SSO with Active Directory Authentication simultaneously? I would like to deploy solution when my users need to enter their token code only once (802.1x + Active Directory Sign ON).

You can configure the OAC (Odyssey Access Client) to prompt for the PIN-PASSCODE during the Windows logon process. Unfortunately, your users will have to enter both the AD creds as well as the RSA token creds...so its a bit more complex than what you want. If there is a way to get AD to sync its password database with RSA, I see no way round this.

3. Do I need to deploy SecureID agent for windows with GINA or Odessey Client?

No, you do not need to deploy the RSA agent. When you configure OAC at GINA, the RSA client is not used during 802.1x auth.

Regards,

Alexey

---

Hope that helps.

Thanks

Craig