Skip navigation
All Places > Products > RSA SecurID Access > Blog > Author: Nandini V

RSA SecurID Access

2 Posts authored by: Nandini V Employee

In today’s ever-changing world, enterprises are striving to deploy the right identity management strategy that fits their current environment and future needs. Businesses with the traditional physical-office-only setup, have had to adapt and flex new muscles to enable remote access for their employees.


As the businesses shift the operations from office to home, remote working does come with its risks. Unprotected endpoints through which the workforce accesses the corporate network become easy targets. These laptops contain the organization’s sensitive data. Protecting these corporate endpoints and workstations with stronger multi-factor authentication is no longer a choice, it’s a necessity.


The timing couldn’t have been better for launching the latest RSA SecurID Access innovations, including RSA MFA Agent 2.0.1 or Microsoft Windows, considering the need to rapidly enable remote access to dynamic workforce leveraging the RSA Cloud Authentication Service. MFA Agent 2.0.1, built on a modern and secure interface, provides a seamless and consistent Windows sign-in experience from ground-to-cloud.


The traditional RSA Authentication Agent 7.4 connects to RSA Authentication Manager to provide strong and highly reliable authentication services. MFA Agent 1.2 built on REST interface, enables modern authentication such as push to approve and device biometrics leveraging RSA Cloud Authentication Service.

MFA Agent 2.0.1 merges the best of two worlds. It is a universal Agent leveraging RSA Authentication Manager 8.5 and the RSA Cloud Authentication Service to provide strong multi-factor authentication to users signing into Windows, both online and offline.


Boost Remote Productivity and Experience – With No Fail-Open

Enabling secure remote access is the top concern for organizations. Seamless and consistent authentication experience is no longer a second priority. When users are challenged for multi-factor authentication, they do not care if they are connected to an on-premises data center or cloud. They want convenience and consistency whether they are online or offline. With “no fail-open” offline authentication mechanisms, RSA ensures users are fully authenticated with strong multi-factor authentication even if they are offline. In addition to providing various options for online and offline authentication, MFA Agent 2.0.1 takes care of emergencies too. Users with lost or stolen authenticators or no network connectivity can now log on to Windows machines using Emergency Access codes without causing any disruptions.


More Power to Administrators - Dynamic workforce just got even more dynamic

The year 2020 saw a sharp increase in remote workers - comprising permanent employees, temporary workers, and third-party partners. In addition to provisioning remote access, you need to ensure the right authentication methods are enforced to the right people with the right assurance levels. Through the admin console, you can manage every user’s authentication requirements – from traditional hardware tokens to device biometrics. MFA 2.0.1 also offers administrators a slew of controls to tailor the authentication experience to meet their business needs. Policies are at your disposal to customize the settings such as - load balancing and failover mechanisms, user access with challenge groups, and password order changes. These additional controls not only empower the administrators but also provide greater flexibility.


Accelerate the journey to the cloud – Change doesn’t always have to be scary

Organizations are looking to modernize the authentication experience and migrate to the cloud. But are apprehensive about the possible disruptions it could cause to their current set-up. In that light, here are some key features to help you with this preparation. 

Connecting on-premises to the cloud: The proxy and high availability features of Authentication Manager 8.5 ensures the dynamic workforce is secured 24x7. If the cloud service becomes unavailable the RSA Authentication Manager takes over authentication requests. This hybrid approach ensures users are “always-on” and work as securely, reliably, and productively as those on the network.

Co-existence of Agents: Co-existence of traditional and MFA Agents allows you to take a phased approach. Break down the large deployment into smaller launch plans targeting the sub-population to leverage Cloud Authentication Service.

Migration & Upgrade Paths: For a smooth migration from the Authentication Agent 7.4 or later versions,  you can use the migration utility packaged with the installer. This ensures the policy settings are migrated automatically to the new policy templates.  Customers who are on MFA Agent 1.1 or later version can directly upgrade to MFA 2.0.1.


To learn more about the features see release notes.

As we all are transitioning to embrace the new normal and support the remote workforce, there is an unprecedented need to keep the endpoints secure without compromising convenience. It is critical that we take steps to enable the dynamic workforce to access resources by providing a frictionless and seamless experience. We are excited to provide updates as part of June, 2020 Release that perfectly align with this objective.



RSA® MFA Agent for macOS® 


Endpoint security is a major concern for CSO and IT managers. Given the pandemic situation, there is a significant increase in the number of end-user devices (especially through laptops and desktops) trying to access the corporate network remotely, along with a corresponding increase in the number of hackers trying to compromise. With RSA® MFA Agent for macOS®, organizations can protect and ensure secure logins to the macOS® laptops and workstations. RSA® MFA Agent for macOS® works with RSA SecurID Access Cloud Authentication Service to require users to provide additional authentication to sign into macOS® consoles, whether they are online or offline. 


Today’s enterprises understand and acknowledge the need to manage identities in a dynamic fashion given their dynamic environment and dynamic workforce. Although strong authentication is top of mind, convenience and user experience are no longer a secondary priority. Defying the “more-is-more" approach, customers and users want to manage minimum set of authenticators for an efficient and seamless experience across use cases.  


Above statement being our preamble of the RSA® MFA Agent for macOS®,  authentication options available to end-users are  Push to Approve, RSA SecurID Authenticate Tokencode and RSA SecurID Tokens when things are all fine.
The Agent falls back to Authenticate Tokencode when users are offline and offers Emergency Tokencode option when they have no access to authenticators. With RSA SecurID Access, users are always connected securely. 


By protecting the macOS machines not just during user logins but also during screen unlocks and with the no-fail-open design, RSA ensures there is no “slip through the cracks” situation even when the Agent is unreachable to the Cloud Authentication Service.


To know more and watch the the MFA Agent in action, 

Cake for All! Secure & Convenient Login for The New Enterprise for macOS®  

Watch RSA® MFA Agent for macOS® In Action


View and Track License Usage Information  


Understanding the product usage is an important factor for planning and forecasting future license upgrades. Customers can view their current usage of MFA on RSA SecurID Access and Authenticators registered for the service. Administrators can access the following information to determine:

  • Number of users with Multi-factor authentication (MFA) licenses 
  • Number of users with third-party FIDO authenticators
  • Number of SMS/Voice Tokencodes consumed 


This data is refreshed automatically every hour to ensure that administrators have visibility to the most recent information.


Get More Out of Enterprise and Premium Editions of RSA SecurID Access with the Third Party FIDO Authenticators 


We all know how effective FIDO is when it comes to thwarting phishing and man-in-the-middle attacks. FIDO Alliance promotes and supports the stronger authentication standards that help reduce the over-reliance on the passwords. So is RSA!  


In December 2019, RSA partnered with Yubico® to address the needs of a dynamic workforce and provide modern and frictionless authentication experience with the FIDO authentication solution. With FIDO2 and RSA SecurID Access Authentication services, RSA customers enjoy the passwordless experience while accessing SaaS and web applications.  


Until recently, the customers had to purchase RSA SecurID MFA licenses to use FIDO/FIDO2 authenticators. With this change, we are removing the frictions for the enterprises to adopt and build stronger and more modern authentication strategies.  


FIDO Authentication Support  


While we are talking about extending the support for FIDO, why not talk about RSA SecurID Authentication API. RSA SecurID Authentication API, a REST-based programming interface that allows RSA customers and partners to leverage MFA capabilities for the custom-built applications.


In the June release, RSA SecurID Authentication API supports FIDO/FIDO2 as authentication method along with the existing MFA methods. To supplement FIDO as part of authentication, RSA SecurID Access supports managing the entire lifecycle too. RSA understands, for the organizations to begin using FIDO at scale, it requires more than just the authentication support for the protocol. At the initial login authentication attempt, users can enroll their FIDO authenticators or keys before using them as part of multi-factor authentication methods. By providing users with the ability to manage

the keys with self-service and in-line registration, RSA removes barriers for organizations and technology partners to adopt RSA SecurID Authentication support for FIDO.  



To learn about additional updates coming out in June 2020, see June Release Notes. 


Filter Blog

By date: By tag: