Upload
others
View
14
Download
0
Embed Size (px)
Citation preview
NYSDOT Token and VDI Install and Use instructions_External
Page 1 of 21
Obtaining an RSA Token Accessing the VDI Client from outside the NYSDOT network requires multi-factor authentication,
commonly known as an ‘RSA token’. External users need to obtain RSA tokens to ensure uninterrupted
access.
Section I: Requesting a Hardware or Software Token
What type of token is right for me?
A hardware token is a small physical device (often referred to as a fob) that produces a secure and
dynamic code for each use and displays it on a built-in LCD display.
A software token is deployed to your mobile device (e.g., smartphone or tablet). To use your software
token you will need to install the RSA software on a mobile device. The RSA software can be
downloaded to either a state-issued device, or any personal device you use. Note: if you have a state-
issued device, such as a smart phone or tablet, you are required to obtain a software token.
We recommend that users request a software token if the user has a smart phone available since the
turnaround time is shorter to receive the token.
Both types of tokens perform the same tasks, however, software tokens are very convenient. They can
be used on the device you already have, and do not require you to carry anything extra with you.
Before you begin make sure you:
• Have at least 10 minutes to complete this process
• Read through the instructions
• Have access to a device with an Internet connection
• If you choose a software token, you will need to know what type of operating system supports your device. Operating systems compatible with RSA SecurID tokens are as follows.
• iOS
• Android
• Windows
• Follow the steps outlined in this section to request a hardware or software token.
NYSDOT Token and VDI Install and Use instructions_External
Page 2 of 21
Step 1: Navigate to https://mytoken.ny.gov. You will land at the Self-Service Console.
Step 2: Enter your User ID – this will your UPN and will typically either be (firstname.
[email protected]) Or ([email protected] Please see UPN definition to the right Then click Ok.
The UPN (User Principal Name) for NYSDOT employees is their actual NYSDOT
Outlook email address. For external consultants and contractors that were not
assigned a NYSDOT email address, it is in the format [email protected],
where userid is your Active Directory (AD) account userid. Do not enter your
external work or personal email address.
Step 3: Choose your Authentication Method by Selecting Password from the dropdown and Click the Log On button.
NYSDOT Token and VDI Install and Use instructions_External
Page 3 of 21
Step 4: Enter your Active Directory password and select Log On.
Step 5: Click the Set Up link to set up your Security Questions. Set up is a prerequisite to token approval.
Step 6: Select 5 security questions in the language of choice (answers will not be case sensitive). Once complete, select Submit Your Request. Security questions provide future verification of user authentication.
NYSDOT Token and VDI Install and Use instructions_External
Page 4 of 21
Step 7: Once successfully completed you will receive confirmation. Select Request a new token.
Step 8: Choose the type of token from the drop-down menu. You can choose either a software token or a hardware token. If you choose a HARDWARE token, proceed to Step 9. If you chose a SOFTWARE token, click here to jump to Step 12.
NYSDOT Token and VDI Install and Use instructions_External
Page 5 of 21
Step 9: For Hardware Token Requests Only. If you chose a hardware token, enter a reason for the token request. For example, “to access VDI”. Confirm or edit your mailing address. Select Submit when complete.
Step 10: You will receive confirmation once your request is submitted. Your hardware token request is now complete. Proceed to Step 11 on information related to token approval.
NYSDOT Token and VDI Install and Use instructions_External
Page 6 of 21
Step 11: Once your token request is approved you will receive an email notification from Enterprise.RSA.Prod @its.ny.gov advising you of your token status. Please retain this email until you receive your token. The enablement code will be required to enable your token. Once you receive your token refer to Section II to enable your hardware token and set your PIN.
Step 12: For Software Token Requests Only Select the radio button next to the operating system that powers your mobile device. Please note: Sample mobile phone photos are included, however, an RSA token may be imported into any mobile device (phone or tablet) provided it is powered by one of the operating systems indicated. Your Service Desk can assist in determining your operating system. Note: Users should choose a token profile that begins with the word “Enterprise” followed by their device operating system. The “Support Use Only” token should not be requested by end-users.
NYSDOT Token and VDI Install and Use instructions_External
Page 7 of 21
Step 13: After selecting your device, scroll down to create a 1) nickname for the token (e.g. Mike’s Token). 2) a 4 digit PIN (a number you can easily remember), and 3) Reason for the token request. (e.g. “to access VDI”). Select Submit when complete. **Note: Do not edit the pre-populated device serial number field.**
Step 14: You will receive confirmation once your request is successfully submitted. Click Ok. Proceed to Section III: “Downloading the RSA SecurID App”.
NYSDOT Token and VDI Install and Use instructions_External
Page 8 of 21
Section II: Enabling the Hardware Token and Setting the PIN
Hardware token users must enable the hardware token and set a PIN before using. This process is
completed only after you receive your hardware token. Follow the steps outlined in Section II to
enable your hardware token and set your PIN.
Before you begin make sure you:
• Have your hardware token in hand
• Have access to a device with an Internet connection
• Have at least 2 minutes to complete this process
• Review the instructions
Step 1: Once you have
your hardware token, you are ready to enable your token. Open the email notification you previously received from Enterprise.RSA.Prod @its.ny.gov.
Note: If you misplaced or deleted this email contact your Service Desk for assistance.
Step 2: Verify that the serial number in the email matches the serial number on the back of the token you received. Your token serial number is the 9-digit number on the back of your RSA SecurID hardware token. It can also be found in the self-service console by clicking view details next to the token image. Important: If the number
000155302827
NYSDOT Token and VDI Install and Use instructions_External
Page 9 of 21
on the back of the RSA SecurID hardware token does not match the serial number listed in the email STOP. You will need to notify your Service Desk as you may have been issued an incorrect SecurID hardware token.
Step 3: Click on token
enablement link listed in email notification to go directly to the Self-Service Console. Enter your User ID (your UPN), the enablement code identified in the email, and your token serial number. Click Ok. You will receive a message stating “your token is ready to use”. Click OK to be automatically directed back to the home page of the self-service console.
Step 4: Click Create PIN.
NYSDOT Token and VDI Install and Use instructions_External
Page 10 of 21
Step 5: Create a new PIN – PIN should be 4 numbers you can easily remember. Click Save.
Step 6: You will receive a message indicating your PIN has been successfully created.
Section III: Downloading the RSA SecurID Software Token
Application
Software token users must install the RSA SecurID software on their mobile device. Follow the
instructions below, which takes approximately 2 minutes, to download the RSA SecurID App.
Before you begin make sure you:
• Have your mobile device in hand
• Have a network connection on your mobile device
• Have at least 2 minutes to complete this process
• Review the instructions
The RSA SecurID Software Token application for iPhone or iPad can be found here
• https://itunes.apple.com/us/app/rsa-securid-software-token/id318038618?mt=8
From the App store on your mobile device, download the RSA SecurID App. If you have difficulty finding the App type “RSA SecurID” in the search field.
NYSDOT Token and VDI Install and Use instructions_External
Page 11 of 21
The RSA SecurID Software Token application for Android can be found here
• https://play.google.com/store/apps/details?id=com.rsa.securidapp
The RSA SecurID Software Token application for Windows can be found here
• https://www.microsoft.com/en-us/store/apps/rsa-securid/9nblggh0ccn2
The RSA SecurID Software Token application for Blackberry world can be found here
• https://appworld.blackberry.com/webstore/content/33979888/?lang=en&countrycode
=US
Section IV: Importing Your Token
Software token users must import their token before use. The directions in this Section will guide
software token users through the process of successfully importing the RSA software token. This section
is divided into three different sections depending on the type of smart mobile device you choose to use.
Since each token has a unique serial number, you can only import your token into the RSA App on one
device.
Before you begin make sure you:
• Have installed the RSA SecurID Software Token application on your mobile device
• Have at least 10-15 minutes to complete this process
• Read through the instructions
• Have access to a device with an Internet connection. This device must be in addition to the mobile device in which you will import your token.
• Have your mobile device in hand
• Have a network connection on your device
• Can identify the type of device you have, and know what system operates it.
NYSDOT Token and VDI Install and Use instructions_External
Page 12 of 21
Step 1: Log on to the Self-Service Console https://mytoken.ny.gov/console-selfservice from a device other than the one on which the RSA SecurID Token App is installed. Recall to use your UPN
Step 2: In the My Authenticators section of the My Account page, click Activate Your Token.
Step 3: Tap the RSA SecurID App on your mobile device to open.
Step 4: If prompted, read the license agreement and tap Accept. You will be directed to the Welcome Screen.
NYSDOT Token and VDI Install and Use instructions_External
Page 13 of 21
Step 5: Tap the QR Code symbol on the lower left hand corner to launch the camera which will scan the QR code. Tap Ok to allow access to the camera.
Step 6: Point the camera at the QR code. The camera will scan the code and import your token.
Step 7: Once successfully imported, you will receive a message on your mobile device and on your computer screen.
NYSDOT Token and VDI Install and Use instructions_External
Page 14 of 21
How to install the VDI Horizon Client application on a non-state computer Use these instructions to install the VDI Horizon Client on your device so you can connect through VDI
while off the DOT network
These instructions are based on Windows 7.
1) Open MS Internet Explorer
2) Go to https://desktop.ny.gov/
3) Select the option to Install VMware Horizon Client Software
4) Select the appropriate Client for the operating system on your computer, either VMware
Horizon Client for Windows or VMware Horizon Client for Windows 10 UWP for x86-based
devices
5) Follow the prompts for installing the client.
6) If you are prompted for information on your type of Internet address and it asks you to select
IPV4 or IPV6, select IPV4.
7) If you are prompted for a server name, enter “desktop.ny.gov”, without the quotes.
NYSDOT Token and VDI Install and Use instructions_External
Page 15 of 21
Starting the VDI Horizon Client from your non-state computer: Use these instructions to access the VDI Horizon Client on your device away from the DOT network
1) Open the VDI Horizon Client (Desktop Icon shown)
2) Enter desktop.ny.gov to the Add Server icon.
3) OR Double-click on the desktop.ny.gov server icon.
4) You will see the “Connecting…” graphic.
NYSDOT Token and VDI Install and Use instructions_External
Page 16 of 21
5) Input the RSA Token
• You will be prompted for your RSA token before you log in. If you are using a soft token
from your smart phone app be certain that you enter the correct 4 digit PIN to obtain
the token. Even if the incorrect PIN is entered the app will return an RSA Token,
however, it will be invalid.
• The RSA User name is your UPN (User Principal Name). For NYSDOT employees it is
their actual NYSDOT email address. For external consultants and contractors that were
not assigned a NYSDOT email address, it is in the format [email protected], where
userid is your Active Directory (AD) Account userid. Do not enter your work or personal
email address.
• The RSA Passcode is the token number. For those with a software token it is the eight-
digit number generated by the RSA app. For those with a hardware token, enter the 4-
digit PIN that you identified when you applied for your token and then the six-digit
token that appears on the hardware key immediately following the PIN.
NYSDOT Token and VDI Install and Use instructions_External
Page 17 of 21
6) Log into the Client
• The User name is the Active Directory (AD) userid assigned to the user when they first
were granted access to NYSDOT systems and the Password is the current password
assigned to the AD account. Select “NYSDOT” in the dropdown box for Domain and click
on Login.
7) Access your Remote Desktop
• A desktop selection screen will display
• Select the “DOT Virtual Desktop” Icon
• Your desktop will display
NYSDOT Token and VDI Install and Use instructions_External
Page 18 of 21
Access your Applications in VDI
1) You will notice a menu bar across the top of the screen. This gives you access to setup options
and for using USB devices. You may also minimize the VDI window from this menu using the
standard MS Windows line icon in the top-right corner of the menu bar. Notice the option to
Send Ctrl-Alt-Delete. If your screen locks and asks you to hit Ctrl-Alt-Delete to get back in, you
should use the menu option instead of the keyboard.
2) Some applications will need to be accessed through the “Applications” folder on the VDI
desktop rather than the links on the IntraDOT. These applications need specific software to run
in VDI. Please use the shortcut in the “Applications” folder to access these applications in VDI.
Open the Applications Folder Open your Application
NYSDOT Token and VDI Install and Use instructions_External
Page 19 of 21
Accessing VDI when Horizon Client software is not installed on your
computer:
1) Open MS Internet Explorer
2) Go to https://desktop.ny.gov/
3) Select the option below on the right for VMware Horizon HTML Access
You might see the “This Page can’t be displayed” message below. If you do, follow the instructions about turning on the specified TLS settings by clicking the “Change Settings” button. Make sure you click the “Apply” button after selecting the TLS boxes. Refreshing the https://desktop.ny.gov/ page should now work.
NYSDOT Token and VDI Install and Use instructions_External
Page 20 of 21
4) Input the RSA Token
• You will be prompted for your RSA token before you log in. If you are using a soft token
from your smart phone app be certain that you enter the correct 4 digit PIN to obtain
the token. Even if the incorrect PIN is entered the app will return an RSA Token,
however, it will be invalid.
• The RSA User name is your UPN (User Principal Name). For NYSDOT employees it is
their actual NYSDOT email address. For external consultants and contractors that were
not assigned a NYSDOT email address, it is in the format [email protected], where
userid is your Active Directory (AD) Account userid. Do not enter your work or personal
email address.
• The RSA Passcode is the token number. For those with a software token it is the eight-
digit number generated by the RSA app. For those with a hardware token, enter the 4-
digit PIN that you identified when you applied for your token and then the six-digit
token that appears on the hardware key immediately following the PIN.
5) Log into VDI
• Enter the Active Directory (AD) userid assigned to the user when they first were granted
access to NYSDOT systems, password will be the current password assigned to the AD
account. Select “NYSDOT” in the dropdown box for Domain and click on Login.
NYSDOT Token and VDI Install and Use instructions_External
Page 21 of 21
6) Access your Remote Desktop
• A desktop selection screen will display
• Select the “DOT Virtual Desktop” Icon
• Your desktop will display