RSA SecurID Access supports using FIDO-certified security keys as an authentication option. RSA SecurID Access supports FIDO2 and U2F compliant security keys.
RSA SecurID Access supports security keys for both primary (the passwordless user experience) and additional authentication (additional or step-up authentication). FIDO2 security keys can be used for primary authentication and additional authentication . U2F security keys can be used for additional authentication.Primary authentication is only supported for service providers (SAML applications). SeeFIDO Token.
Perform these steps to start using security keys with RSA SecurID Access. These steps assume that you have an existing RSA SecurID Access Cloud Authentication Service deployment.
Set up FIDO Token as an authentication method on the Cloud Administration Console.
Determine if you want to use FIDO Token for primary authentication or additional authentication, or both. If you want to use FIDO for primary authentication, add a service provider and specify FIDO as the primary authentication method. SeeAdd a Service Provider.
Register your security key in My Page. If FIDO registration is not enabled through My Page, FIDO Token can be registered during additional authentication using in-line registration process. See different ways you can Restrict Access to My Page.