RSA integration guide

RSA icon

Relativity provides you with the option to configure RSA authentication for users. You can use the RSA SecurID, which requires that users enter a username and RSA passcode, such as a PIN, followed by a token code. When the Relativity users provide this information, RSA gives them access to the system. The Relativity login page serves as a repository for RSA credentials, so no additional RSA dialogs are required.

System requirements

Before you integrate RSA SecurID with Relativity, you must complete the following tasks:

  • Make sure that your web server has a 64-bit version of the Windows operating system.
  • Install Relativity, and verify that it is working properly.
  • Set up the RSA Authentication Manager server. Server 2024 supports RSA Authentication Manager 8.1.

    Note: Relativity isn't certified to work with any version of RSA Authentication Agent for Web for Internet Information Services.

  • Set up the Authentication agent on the RSA Authentication Manager server. You can add this agent through the RSA Security Console, where you must set the Agent Type field to Standard Agent. The RSA Authentication Manager server uses this setting to communicate with Relativity. For more information, see the documentation provided for your RSA Authentication Manager server.

Copying RSA configuration files to the web server

You must copy the RSA configuration files to your Relativity web server before you configure RSA authentication in Relativity.

Use the following procedure to copy the required RSA configuration files:

  1. Open the RSA Security Console.
  2. Locate the sdconf.rec and sdopts.rec configuration files in the console.
  3. Download the sdconf.rec and sdopts.rec files to your machine.
  4. Log in to the Relativity web server.
  5. Copy these files to the RSAConfigFilePath directory. The following is the default path:
    %SYSTEMDRIVE%\Program Files\kCura Corporation\Relativity\EDDS\RSA

    Note: You can use a different location for your RSAConfigFilePath directory.

  6. Update the value of the RSAConfigFilePath instance setting in the EDDS database with the location where you copied the files in step 5. See Instance setting table.

    Note: The RSAConfigFilePath value must include the drive letter. For example,

    C:\Program Files\kCura Corporation\Relativity\EDDS\RSA
    You cannot use the %SYSTEMDRIVE% environment variable.

  7. Verify that the DOMAIN\EDDSServiceAccount has Write permissions to the RSAConfigFilePath directory. The Relativity application pool runs under the DOMAIN\EDDSServiceAccount account.

Configuring Relativity user information with RSA

Within Relativity, you configure RSA authentication at the user level. Make sure that you have copied the required configuration files to the Relativity web server before you begin. See RSA integration guide.

Use the following procedure to configure a user for RSA authentication:

  1. Log in to Relativity with system admin credentials.
  2. Select Home from the user drop-down menu.
  3. Click the Users tab.
  4. Click the Edit link next to an existing username, or create a new user. See Creating and editing a user.
  5. In the Login Method section, click New to open the Login Method Information form.

    Authentication Data field on the Users tab

  6. Select the RSA Provider for your system.
  7. In the RSA Subject field, enter < RSA login name > or <email address>. Replace < RSA login name > with the default RSA login name for the user.
    • If the RSA login name for the user is jsmith, then you would enter jsmith in the in the RSA Subject field. This setting now indicates that the user must be authenticated with RSA SecurID using the RSA login of jsmith, as well as with any tokens associated with this user.
    • If the RSA login is an email address, then enter the email address in the RSA Subject field.
  8. Click Save.

The user can now use RSA authentication to log in to Relativity.

Logging in to Relativity with RSA credentials

If your Relativity user information is configured with RSA, you can log in with the following credentials:

  • A valid Relativity account username, which is an email address.
  • An RSA passcode, which is a PIN, followed by an RSA token code.

    Note: If you are logging in with RSA authentication, don't enter a Relativity password in the Password field. This action results in an Invalid Credentials message.

Enter your email address and password on the Relativity login dialog.

After you log in, Relativity displays RSA related prompts determined by the state of your token. For example, you may see these additional dialogs:

  • User-defined new pin:

  • Login dialog displayed after you change the pin:

    login dialog displayed after pin changed

  • System-generated new pin:

  • Next tokencode: