Thanks, Mario. The tech for the RSA piece here says it's a Microsoft ISA issue since it's Microsoft's APIs that are being used. I've seen some stuff on this list about using RSA with ISA but never anything that went to this level. Tom/Jim, Comments and/or suggestions? Cordially yours, Jerry G. Young II MCSE (4.0/W2K) Atlanta EES Implementation Team Lead HHS Engineering Unisys 11493 Sunset Hills Rd. Reston, VA 20190 Office: 703-579-2727 Cell: 703-625-1468 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. ________________________________ From: mjjdejonge@xxxxxxxxxxxxxxxxxxxxxxxx [mailto:mjjdejonge@xxxxxxxxxxxxxxxxxxxxxxxx] Sent: Tuesday, February 28, 2006 12:30 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 Enterprise Edition RSA-Integration http://www.ISAserver.org Gerald We have not done this completely intergraded, As RSA has its own password ID and not with the windows one. This is one you need to ask to RSA. But I agree I would be a very nice solution. Greetz, mario ________________________________ Van: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx] Verzonden: Tuesday, February 28, 2006 17:49 Aan: [ISAserver.org Discussion List] Onderwerp: [isalist] RE: ISA 2004 Enterprise Edition RSA-Integration http://www.ISAserver.org Mario, VPN isn't what my desired outcome is. :-( When you ask about using web login with OWA, what specifically are you asking? A user is required to log onto OWA through the OWA default page (logon.asp). Is that what you're talking about? If an OWA box is configured with an RSA agent running on it (not ISA-based RSA API), the RSA agent will check to ensure that the user authenticating against OWA is the same that authenticated against RSA. If the users don't match, RSA displays an error page stating such. Our desire is to move this user checking off onto the ISA server. Cordially yours, Jerry G. Young II MCSE (4.0/W2K) Atlanta EES Implementation Team Lead HHS Engineering Unisys 11493 Sunset Hills Rd. Reston, VA 20190 Office: 703-579-2727 Cell: 703-625-1468 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. ________________________________ From: mjjdejonge@xxxxxxxxxxxxxxxxxxxxxxxx [mailto:mjjdejonge@xxxxxxxxxxxxxxxxxxxxxxxx] Sent: Tuesday, February 28, 2006 11:42 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 Enterprise Edition RSA-Integration http://www.ISAserver.org Dear Gerald For the OWA solution are you using it with web login? Ore without web login? VPN is supported in RSA with ISA2004. Cheerz Mario ________________________________ Van: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx] Verzonden: Tuesday, February 28, 2006 17:26 Aan: [ISAserver.org Discussion List] Onderwerp: [isalist] ISA 2004 Enterprise Edition RSA-Integration http://www.ISAserver.org All, I'm at a bit of an impasse. I have configured an ISA 2004 EE Array to use RSA SecurID for accessing a published OWA site. I can authenticate against the RSA Authentication Manager just fine. The problem comes when the OWA site is passed back to the client; a user different from the one that authenticated against RSA can log onto OWA. Does ISA 2004 EE only support a VPN-like logon (authenticate against RSA for access to the network) for RSA? Or is there a way to have the ISA Array ensure that "two-factor" authentication is followed without putting an RSA agent on it? Cordially yours, Jerry G. Young II MCSE (4.0/W2K) Atlanta EES Implementation Team Lead HHS Engineering Unisys 11493 Sunset Hills Rd. Reston, VA 20190 Office: 703-579-2727 Cell: 703-625-1468 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.