Transcription
MASTERCARD CONNECTRSA SecurID Software TokenInstallation and User Guide11 NOV 2021
THE GUIDE AND THE INFORMATION CONTAINED THEREIN (“GUIDE”) ARE PROVIDED “AS IS.”MASTERCARD MAKES NO WARRANTIES, WHETHER EXPRESS, IMPLIED OR STATUTORYREGARDING OR RELATING TO THE GUIDES, INCLUDING WITHOUT LIMITATION, WARRANTIES OFACCURACY, COMPLETENESS, MERCHANTABILITY, ERRORS, NONINFRINGEMENT AND FITNESSFOR A PARTICULAR PURPOSE.Mastercard shall have no liability for direct or indirect, special, consequential, punitive or incidentaldamages from your use of the guide.All third-party product and service names are trademarks or registered trademarks of their respectiveowners. 2021 Mastercard Worldwide Proprietary and Confidential11 NOV 2021Page 2 of 13
Table of ContentsOverview. 4Getting started. 4Installation options for the RSA SecurID software token desktop application. 4 & 5Download and save the RSA SecurID software token desktop application .6Installing the RSA SecurID software token desktop application .7 & 8Receipt and upload of software token .7 & 8Using the RSA SecurID software token desktop application . 9Create a taskbar shortcut (Windows) .10Delete a software token (Windows).10Using more than one software token on the same computer.10To change software tokens.11Change the token name.11Troubleshooting .11Frequently asked questions (FAQs) on software tokens . 12Why is Mastercard moving from a hardware token (fob) to a software token solution for user authentication? .12Will the end user require any software to be loaded on his or her computer? .12Will the software token solution require the use of any physical device for authentication? .12How long will it take to set up a software token implementation? .12How do I obtain my software token? .12What are my internal integration costs for a software token implementation? .12Will I need to provide the software for this type of authentication to the end users? .12Is there a software review process? .12Can the software token solution support users who work on different computers? .12Can multiple users share the same physical workstation? .12Can the software token be installed on mobile devices? .13Can software tokens be used on personal computing devices? .13What if the user's computer is replaced due to a repair or upgrade? .13How will Mastercard support the software tokens?.13What is the fee for continuing with hardware tokens?.13How does a user authenticate to Mastercard Connect? .13What types of two-factor authentication does Mastercard support? .13How do RSA SecurID software tokens work?.13Is there a fee associated with using two-factor authentication? .13How do I replace my SecurID? .13 2021 Mastercard Worldwide Proprietary and Confidential11 NOV 2021Page 3 of 13
OverviewThe Mastercard Connect secure site requires two-factor authentication in order to access certain applications. Thisdocument explains how to download, install, and use the RSA desktop application on Windows or Mac operatingsystems.NOTE: The screenshots and procedures in this guide may vary depending on your operating system.Getting startedInstallation options for the RSA SecurID software token desktop applicationThe following options are available for installing the application: Each user can install the application. This option requires that users have administrative rights to theircomputers. A software management tool can be used to install the application.Download and save the RSA SecurID software token desktop applicationMicrosoft Windows Installation1. Go to: .2. RSA offers both a 32-bit (5.0.2) and a 64-bit (5.0.2)version of the application. Mastercard usesadvanced encryption standard (AES) 128-bittokens. For Windows, Mastercard recommendsdownloading the 32-bit version which supports 64bit operating systems.3. The newest version, 5.0.3, requires the user toRegister Now and create a free account profile withRSA. All installation steps would be the same, asdocumented herein.NOTE: At this time, Mastercard does not support RSASecurID software tokens on mobile devices. Moreinformation on this in succeeding pages. 2021 Mastercard Worldwide Proprietary and Confidential11 NOV 2021Page 4 of 13
Download and save the RSA SecurID software token desktop applicationSecurID Software Token for macOS1. Go to: -for-macos/tkb-p/securidsoftware-token-macos2. RSA recommends MAC users download and installversion 4.2.3 for macOS.NOTE: At this time, Mastercard does not support RSASecurID software tokens on mobile devices. Moreinformation on this in succeeding pages. 2021 Mastercard Worldwide Proprietary and Confidential11 NOV 2021Page 5 of 13
4. In some instances, you may be asked to complete auser license agreement before downloading theapplication.NOTE: At this time, use of the RSA SecurID softwaretoken is free.5. When prompted, click Save then select the systemfolder where you wish to save the file.6. Click OK.7. Once the download is completed and the ZIP filehas been saved, the next step is to install the RSASecurID software token desktop application on yoursystem by running the .msi installer.Installing the RSA SecurID software token desktop application1. In the folder where the installation was saved,double click on the RSA SecurID software tokendesktop application option for your operatingsystem.Windows: C:\Users\[your used ID]\DownloadsMac OS X: Downloads [folder]2. On the Welcome screen, click Next.If Windows 7 is your operating system, click Next3. On the Place of Purchase screen, select yourcompany’s region then click Next.4. On the License Agreement screen, read the licenseagreement, select I accept the terms in the licenseagreement then click Next. 2021 Mastercard Worldwide Proprietary and Confidential11 NOV 2021Page 6 of 13
5. On the Setup Type screen, select Typical to installthe application without the browser plug-in thenclick Next.6. On the Ready to Install the Program screen, clickInstall.7. If your operating system is on Windows 7, there is achance you will be prompted with the followingscreen. Click Yes to allow RSA to install theapplication on the computer.8. Once the installation is completed, click Finish. Youmay choose to restart your computer.Receipt and upload of software tokenNOTE: You must have the RSA SecurID software token desktop application installed before importing your token. Referto the installation instructions at the beginning of this guide if you need to download and install the application. 2021 Mastercard Worldwide Proprietary and Confidential11 NOV 2021Page 7 of 13
1. Your designated company representative willreceive software token/s through an encryptedemail message.2. Once you receive the file/s, double click on the token(.STDID extension or .ZIP) to start importing.You can also run the application and click Importfrom File and browse your computer for thelocation of your token file to start importing.3. The system will display the following dialog boxafter successfully loading the software token.Refer to Changing a token name in this guide foradditional information.4. After installation, close any RSA SecurID software token desktop applications that are open.NOTE: If you are migrating from a hardware token to a software token, use the same PIN that was previouslyissued to you. 2021 Mastercard Worldwide Proprietary and Confidential11 NOV 2021Page 8 of 13
Using the RSA SecurID software token desktop applicationNOTE: You will need to import a token before you can use the RSA SecurID software token desktop application. If youstart the application before importing the token, the system will display the Import Token screen. See the previoussection for more information.1. To generate a token code (passcode), select one ofthe following options” Click the Soft Token icon shortcut on yourdesktop Click the Start menu button, point toPrograms, then RSA, then RSA SecurIDsoftware token desktop application2. The system will display a window for you to enteryour PIN. You should see your token serial number inthe left-hand corner of the RSA SecurID softwaretoken desktop application.3. Enter your 4-digit PIN in the PIN field and click.4. RSA SecurID will generate 8-digit passcodes thatrefresh every 60 seconds.Click the Copy button or manually enter the 8-digitpasscode into the password field of MastercardConnect, without spaces.NOTE: Do not use the following to copy the passcode CTRL C Select/highlight the passcode2021 Mastercard Worldwide Proprietary and Confidential11 NOV 2021Page 9 of 13
5. To validate, sign in to Mastercard Connecthttps://www.MastercardConnect.com/.6. Enter your User ID field in Mastercard Connect and8-digit passcode currently visible in the RSA SecurIDsoftware token desktop application, withoutspaces, into the Password field.If you used the Copy button, right-click on the fieldand select Paste.You should now be successfully signed in.7. For subsequent uses of the token, you must wait for the passcode to change. The application will continue togenerate a new passcode every 60 seconds until the final passcode is reached, after which you will beprompted to re-enter your PIN.8. To re-enter your PIN, click the Re-enter PIN button located on the RSA SecurID application window.For any issues, reference the Troubleshooting section of this guide or click on Support within Mastercard Connecthttps://www.MastercardConnect.com/.Create a taskbar shortcut (Windows)1. From the Start menu, click All Programs, point to RSA, then RSA SecurID software token desktop application.2. Right click on the RSA SecurID software token desktop application then click Pin to taskbar.Delete a software token (Windows)1. Open the RSA SecurID software token desktop application.2. From the Options menu on the RSA SecurID Software Token application, click Manage Token, then DeleteToken. A message prompt will appear asking you to confirm this action.3. Click Yes to delete the token. You will receive a confirmation message that the token has been deleted.Using more than one software token on the same computerThe RSA SecurID software token desktop applicationcan support multiple users on the same computer byusing more than one token.NOTE: Multiple tokens must be loaded onto onecomputer before you can select a different token. 2021 Mastercard Worldwide Proprietary and Confidential11 NOV 2021Page 10 of 13
To change software tokensFrom the RSA SecurID software token desktopapplication, locate the section at the top that identifiesthe token currently in use:1. Click the dropdown arrow and select a differenttoken.2. Enter the PIN associated with the selected user’stoken.3. Enter a PIN and then click the arrow to the right ofthe 8 digits that were generated.Change the token nameTokens are associated with user names. To change thename associated with a token:1. Launch the RSA SecurID software token desktopapplication.2. From the Options menu, click Manage Token thenChange Token Name.3. Type the new user name into the Change TokenName window.4. Click OK. You will receive confirmation that thetoken name has been changed.TroubleshootingContact your company’s IT help desk for help with the following: Installation of the RSA SecurID RSA SecurID software token desktop application Using the RSA SecurID software token desktop applicationContact Global Customer Service at customer support@Mastercard.com for help with Mastercard applications.Identify yourself as a “software token user.”Contact the Mastercard Token Support Team within Corporate Security at Token Support@Mastercard.com forhelp with authentication issues. For expedited assistance, mention that you are a software token user. 2021 Mastercard Worldwide Proprietary and Confidential11 NOV 2021Page 11 of 13
Frequently asked questions (FAQs) on software tokensWhy is Mastercard moving from ahardware token (fob) to a softwaretoken solution for user authentication?We continue to hear from customers that theywant an authentication solution that is morerobust and flexible, with much fasterdeployment and a longer life span. Softwaretokens have a 10-year life span versushardware tokens that have a two-year lifespan.Will the end user require any software tobe loaded on his or her computer?Yes, a small application from RSA Security willneed to be installed on the user's computer.Once the RSA software is installed, thesoftware token seed issued by Mastercard canbe loaded.Will the software token solution requirethe use of any physical device forauthentication?The RSA SecurID Software Token software is asmall application that must be loaded on theend users' computer and used forauthenticating into Mastercard systems.Hardware tokens (fobs) are no longer requiredwhen using this authentication method.How long will it take to set up a softwaretoken implementation?If installed on the user's computer, softwaretokens can be issued within hours.How do I obtain my software token?By default, the email containing softwaretokens will be sent only to the SecurityAdministrators of a company. If your companydoes not have a Security Administrator, thesoftware token email will be sent directly tothe users to whom the tokens are assigned. Ifyou prefer that the emailed tokens be sent tojust your users or to both your users and yourSecurity Administrators, emailToken Support@Mastercard.com, authorizingMastercard to change the distribution policy. 2021 Mastercard Worldwide Proprietary and ConfidentialWhat are my internal integration costsfor a software token implementation?The RSA SecurID Software Token software is afree download from RSA. Because softwaretokens have a 10-year life span, there also isless time and effort associated with managingfobs. And since the software token functionssimilarly to a hardware token, user training isminimal.Will I need to provide the software forthis type of authentication to the endusers?The small RSA SecurID software token desktopapplication can be provisioned to the users'computer either by the user's organizationsupport group, or by the user downloadingsoftware from the RSA site. Please note thatthe user must have administrator access to hisor her computer to install the software.Additionally, the RSA software should beadded to the customer's approved softwarelist for standard computer builds. Mastercardcan provide a process for implementing thesoftware token solution.Is there a software review process?Thousands of companies have successfullydeployed the RSA Software Tokenauthentication solution. If requested,Mastercard can work with the customer'sInformation Security and/or desktop supportgroup.Can the software token solution supportusers who work on different computers?Yes, the same software token "seed" record(the secret key used to generate theauthentication code) for a given user can beinstalled on multiple computers, therebysupporting the needs of users who move fromone workstation to another and “call centers”Can multiple users share the samephysical workstation?Yes, the software token seeds for multipleusers can be installed on the same computer.Users also will have a unique PIN known only bythe token holder that is associated with theirspecific software token seed.11 NOV 2021Page 12 of 13
Can the software token be installed onmobile devices?numbers), Mastercard will automatically issuea SecurID.Currently Mastercard does not support theinstallation of the RSA application or theimport of any SecurIDs on client based mobiledevice, PDS or smartphones, the softwaretoken solution can be used only on Mastercardissued mobile devices. For security reasons, themobile device must be under Mastercard’scontrol to remotely lock or wipe the device.What types of two-factor authenticationdoes Mastercard support?Can software tokens be used on personalcomputing devices?No. The software token solution is onlyavailable for company-issued devices thatsupport remote deactivation capabilities.Software tokens are not to be installed on auser's personal device that is outside companycontrol.Note: You will not be issued a SecurID until you haveaccess to a secure application.The two‐factor authentication method thatMastercard offers is RSA’s SecurID softwaretoken. Organizations unable to use thesoftware token may use RSA’s SecurIDhardware tokens. To learn more about eachtype, click here.By default, users of an organization will be issued asoftware token.How do RSA SecurID software tokenswork?During the initial installation, the user willreceive an email from Mastercard containingthe seed file for the software token. It'simportant for the user to keep this file in asecure location. If a repair or upgrade to theuser's workstation is required, the RSAsoftware and the seed file will need to be reinstalled on the user's new computer.Organizations that choose to use RSA SecurIDsoftware tokens for two-factor authenticationwill need to download and install a small clientapplication from RSA on each company-owneddevice on which their users will work.Mastercard will issue (via secure email) tokenfiles for users for that organization who haverequested products that require two-factorauthentication withinhttps://www.MastercardConnect.com/.To learnmore about software tokens, refer to theinstallation and user procedures in this guide.How will Mastercard support thesoftware tokens?Is there a fee associated with using twofactor authentication?What if the user's computer is replaceddue to a repair or upgrade?Contact Global Customer Service via email atCustomer Support@Mastercard.com forassistance with software tokens (800-9990363 or 636-722-6636).What is the fee for continuing withhardware tokens?Please contact Global Customer ServiceCustomer Support@Mastercard.com forinformation about the hardware token userfees. There is no fee for the software token.How does a user authenticate toMastercard Connect?There are two levels of authentication:password or SecurID. By default, all Connectusers use a password to sign in. If you order anitem that allows you to access sensitivepayment card data (such as primary account 2021 Mastercard Worldwide Proprietary and ConfidentialSoftware tokens used for two‐factorauthentication do not have an associated fee.Organizations that choose to use hardwaretokens will pay a quarterly fee per token.How do I replace my SecurID?Mastercard replaces SecurID hardware tokenswhen they are lost, damaged or if a user gets anew computer.Go to the Replace SecurID option in theSupport menu.Enter your user ID, answer your securityquestions, review or change your mailingaddress, and submit your request for a newSecurID token.11 NOV 2021Page 13 of 13
2. Right click on the RSA SecurID software token desktop application then click Pin to taskbar. Delete a software token (Windows) 1. Open the RSA SecurID software token desktop application. 2. From the Options menu on the RSA SecurID Software Token application, click Manage Token, then Delete Token. A message prompt will appear asking you to .
