156-215.80 · Question #263
You are about to integrate RSA SecurID users into the Check Point infrastructure. What kind of users are to be defined via SmartDashboard?
The correct answer is A. A group with generic user. When integrating RSA SecurID with Check Point, you define a group containing a single generic user in SmartDashboard to represent all token-authenticated users rather than creating individual internal accounts.
Question
You are about to integrate RSA SecurID users into the Check Point infrastructure. What kind of users are to be defined via SmartDashboard?
Options
- AA group with generic user
- BAll users
- CLDAP Account Unit Group
- DInternal user Group
How the community answered
(42 responses)- A81% (34)
- B12% (5)
- C2% (1)
- D5% (2)
Why each option
When integrating RSA SecurID with Check Point, you define a group containing a single generic user in SmartDashboard to represent all token-authenticated users rather than creating individual internal accounts.
RSA SecurID authentication is handled externally by the RSA Authentication Manager; Check Point does not store individual user credentials. A 'generic user' object acts as a template that matches any user authenticated by the external RSA server, and placing it inside a group allows that group to be referenced in security rules. This avoids the administrative overhead of replicating every RSA user inside the Check Point user database.
Defining all users individually as internal Check Point users is unnecessary and incorrect - RSA SecurID users are authenticated by the RSA server, not by Check Point's internal database.
An LDAP Account Unit Group is used when integrating with an LDAP directory (such as Active Directory), not with RSA SecurID token-based authentication.
An 'Internal user Group' composed of internal Check Point user accounts would bypass RSA SecurID entirely and does not support token-based authentication.
Concept tested: RSA SecurID integration using generic user in Check Point
Source: https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_IdentityAwareness_AdminGuide/Topics-IDAG/RSA-SecurID.htm
Topics
Community Discussion
No community discussion yet for this question.