RSA SecurID Ready Implementation Guide

Last Modified: 12 March 2002

1. Partner Information
Partner Name Web Site Product Name Version & Platform Product Description eRoom Technology, Inc www.eroom.com eRoom Version 6.0 (and later) for Windows 2000, Windows NT The eRoom digital workplace is a cross-enterprise collaborative environment that integrates with a company's enterprise systems and platforms and mission-critical business processes, providing a unified environment for complex project work and business initiatives. Enterprise Collaboration Software

Product Category

2. Contact Information
E-mail Phone Web Sales Contact sales@eroom.com +1.617.497.6300 www.eRoom.com Support Contact sales@eroom.com +1.617.497.6300 www.eRoom.com

3. Solution Summary
Feature Authentication Methods Supported ACE/Agent Library Version ACE 5 Locking Replica ACE/Server Support Secondary RADIUS/TACACS+ Server Support Location of Node Secret on Client ACE/Server Agent Host Type SecurID User Specification SecurID Protection of Administrators Details Native SecurID 4.2, 5.0 Yes Master/Slave and Full Replica Support. No None stored In Registry Net OS Designated users, all users, SecurID as default No

4. Product Requirements
Hardware requirements

Component Name: eRoom Server CPU make/speed required Memory HD space Firmware level 733 MHz Pentium (300 MHz Pentium minimum) 256 MB RAM 125 MB free disk space (70 MB Minimum)

Component Name: Database Server CPU make/speed required Memory HD space Firmware level 733 MHz Pentium (300 MHz Pentium Minimum) 256 MB RAM 1 GB free disk space

Software requirements

Component Name: eRoom Sever Operating System Windows NT 4.0 Server Windows 2000 Server Windows Advanced Server Version (Patch-level) Service Pack 6a or higher

Component Name: Database Operating System Windows NT 4.0 Server Windows 2000 Server Windows Advanced Server Version (Patch-level) Service Pack 6a (or higher)

5. Partner ACE/Agent configuration

No special software required for installation beyond the standard eRoom V6 installation. In order to perform the installation, must have eRoom Server Administrator or Facility Administrator rights, and access to the eRoom Server Administrator page or eRoom Facility Admin page. Accessible via web browser or MMC.

Basic steps required to configure the product for ACE/Agent operation.

Install the RSA ACE/Agent on the eRoom application server. Configure it with Network Authentication enabled. Do not install WebID on the eRoom Server. Reboot the eRoom Application Server. Perform a test authentication from the ACE/Agent to the designated ACE/Server. Insure that you are able to perform a successful authentication with the ACE/Agent before proceeding. After confirming that the ACE/Server and ACE/Agent are communicating, open either the eRoom Server Administration Settings page or the eRoom Facility Administration Settings page. If your eRoom server uses RSA SecurID, two checkboxes are enabled in the Passwords section of the Facility Settings page, and in the Passwords section of the Server Member List Settings page. On the Server Member List Settings page: o Allow RSA SecurID authentication - When checked, the Member information page includes a checkbox, visible only to administrators, labeled "Use RSA SecurID instead of a password". This option determines whether eRoom members use RSA SecurID (a security protocol that requires a combination of personal identification numbers and SecurID card tokens to authenticate users) instead of eRoom passwords to log in to eRoom. Administrators can set this option for individual members, or use the following checkbox to set the option for all server members. If you set this option for particular members, the following checkbox has no effect for those individual members. o New members use RSA SecurID authentication by default - When checked, the "Use RSA SecurID instead of a password" option is turned on for all server members except those for whom it has been turned off manually (in which case, it remains off). Removing the checkmark turns off this option for all facility members except those for whom it has been turned on manually (in which case, it remains on). On the Facility Settings page: o Allow RSA SecurID authentication - When checked, the Member information page includes a checkbox, visible only to administrators, labeled "Use RSA SecurID instead of a password". This option determines whether members use RSA SecurID instead of eRoom passwords. Administrators can set this option for individual members, or use the following checkbox to set the option for all

facility members. If you set this option manually, the following checkbox has no effect for those individual members. New members use RSA SecurID authentication by default - When checked, the "Use RSA SecurID instead of a password" option is turned on for all facility members except those individuals for whom it has been turned off (in which case, it remains off). Removing the checkmark turns off this option for all facility members except those individuals for whom it has been turned on (in which case, it remains on).

References in the products documentation that describe the process of enabling the product for use with ACE/Server.
eRoom Online Help: Facility Administration eRoom Online Help: Server Administration eRoom Online Help: Enterprise Directories eRoom Online Help: Logging into eRoom eRoom Online Help: The eRoom Plug-in eRoom Online Help: eRoom and Microsoft Office 2000 eRoom Online Help: Managing Project Information

Examples of SecurID logon screen.

Default Login Screen

Next Token Mode

User-created PINs allowed

User Created PINs required

System Generated PIN

6. Certification Checklist
Date Tested: February 25, 2002

Product ACE/Server ACE/Agent eRoom 5 4.2, 5.0 Version 6.0

Tested Version

Test 1 time auth. (node secret creation) New PIN mode: System-generated Non-PINPAD token PINPAD token User-defined (4-8 alphanumeric) Non-PINPAD token Password User-defined (5-7 numeric) Non-PINPAD token PINPAD token SoftID token Deny 4 digit PIN Deny Alphanumeric User-selectable Non-PINPAD token PINPAD token PASSCODE 16 Digit PASSCODE 4 Digit Password Next Tokencode mode Non-PINPAD token PINPAD token Replica Servers User Lock Test (ACE Lock Function) No ACE/Server Init P P P P P P P P P P P P P P P P P P
st

ACE P

RADIUS N/A

N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A

*P=Pass or Yes F=Fail N/A=Non-available function

7. Known Issues
Due to security restrictions, logging into eRoom with your SecurID account disables some of the eRoom Monitor features normally available when you have the eRoom plug-in software installed. The eRoom Monitor doesn't check for the following information about eRooms on your My eRooms page: eRoom logo, basic or full project status, and unread information. You are unable to receive eRoom instant messages. You are unable to synchronize eRoom task databases or calendars with Outlook. If, prior to using SecurID, you listed any task databases or calendars on the Outlook Task Sync tab or the Outlook Calendar Sync tab of the eRoom Monitor Settings dialog box, the Synchronizer removes them when it scans your eRooms for changes