Configuring SafeWord Authentication

The SafeWord product line helps to provide secure authentication through the use of a token-based passcode. After users enter a passcode, it is immediately invalidated by SafeWord and cannot be used again.

If Access Gateway is replacing the Secure Gateway in a Secure Gateway and Web Interface deployment, you can choose to not configure authentication on Access Gateway and continue to allow the Web Interface to provide SafeWord authentication for incoming HTTP traffic.

Access Gateway supports SafeWord authentication for the following products:

• SafeWord 2008
• SafeWord PremierAccess
• SafeWord for Citrix
• SafeWord RemoteAccess

You can configure Access Gateway to authenticate using SafeWord products in the following ways:

• Configure authentication to use a PremierAccess RADIUS server that is installed as part of SafeWord PremierAccess and allow it to handle authentication.
• Configure authentication to use the SafeWord IAS agent, which is a component of SafeWord RemoteAccess, SafeWord for Citrix, and SafeWord PremierAccess 4.0.
• Install the SafeWord Web Interface Agent to work with the Citrix Web Interface. Authentication does not have to be configured on Access Gateway and can be handled by the Citrix Web Interface. This configuration does not use the PremierAccess RADIUS server or the SafeWord IAS Agent.

When configuring the SafeWord RADIUS server, you need the following information:

• The IP address of Access Gateway. When you configure client settings on the RADIUS server, use the Access Gateway IP address.
• A shared secret.
• The IP address and port of the SafeWord server.