Troubleshooting guide

36 1: Important RSA Authentication Manager 8.1 Changes

RSA Authentication Manager 6.1 to 8.1 Migration Guide

One-Way Or Two-Way Trusted Realms

While cross-realm relationships in version 6.1 are always two-way, trusted realm

relationships in version 8.1 can be either one-way or two-way. In a one-way trusted

realm, users from realm A can authenticate in realm B, but the users from realm B

cannot authenticate in realm A. In a two-way trusted realm, the users from either

realm may authenticate in the other realm. This capability provides additional

administrative control over the realm and ensures that establishing a trusted

relationship with another realm is a deliberate act, understood and approved by the

realm’s administrator.

The following figure shows the two-way trusted realm relationships between three

realms.

Version 8.1 administrators can control which users access the trusted (opposite) realm

by performing these tasks:

• Create duplicate authentication agent records in their realm.

• Make the agent a restricted agent.

• Add the users to a user group.

• Activate the user group on the agent.