Troubleshooting guide

ManualsBrandsRSA Security ManualsServer6.1

111

112

113

114

115

116

117

118

119

120

C: Glossary 115

RSA Authentication Manager 6.1 to 8.1 Migration Guide

requests

Allows users to enroll, as well as request tokens, the on-demand tokencode service,

and user group membership.

Request Approver

A predefined administrative role that grants permission to approve requests from users

for user enrollment, tokens, or user group membership.

risk-based authentication (RBA)

An authentication method that analyzes the user’s profile, authentication history, and

authentication device before granting access to a protected resource.

risk engine

In Authentication Manager, the risk engine intelligently assesses the authentication

risk for each user. It accumulates knowledge about each user’s device and behavior

over time. When the user attempts to authenticate, the risk engine refers to its

collected data to evaluate the risk. The risk engine then assigns an assurance level,

such as high, medium, or low, to the user’s authentication attempt.

round robin DNS

An alternate method of load balancing that does not require dedicated software or

hardware. When the Domain Name System (DNS) server is configured and enabled

for round robin, the DNS server sends risk-based authentication (RBA) requests to the

web-tier servers. See Load Balancer.

scope

In a deployment, the security domain or domains within which a role’s permissions

apply.

Secure Sockets Layer (SSL)

A protocol that uses cryptography to enable secure communication over the Internet.

SSL is widely supported by leading web browsers and web servers.

Security Console

An administrative user interface through which the user performs most of the

day-to-day administrative activities.

security domain

A container that defines an area of administrative management responsibility,

typically in terms of business units, departments, partners, and so on. Security

domains establish ownership and namespaces for objects (users, roles, permissions,

and so on) within the system. They are hierarchical.

security questions

A way of allowing users to authenticate without using their standard method. To use

this service, a user must answer a number of security questions. To authenticate using

this service, the user must correctly answer all or a subset of the original questions.

self-service

A component of Authentication Manager that allows the user to update user profiles,

change passwords for the Self-Service Console, configure life questions, clear devices

enabled for risk-based authentication, change e-mail addresses or phone numbers for

on-demand authentication, and manage on-demand authentication PINs. The user can

also request, maintain, and troubleshoot tokens.