Skip navigation
All Places > Products > RSA SecurID Access > Blog > Author: Gary Wood

RSA SecurID Access

3 Posts authored by: Gary Wood Employee

The RSA SecurID Access team is excited to provide the following updates as part of the May, 2020 release.  


Emergency Access now available for FIDO protected resources 

Emergency access greatly enhances productivity by unblocking access to business critical resources when a user may have lost, misplaced or forgot their authentication device.  Emergency access codes may be used for a fixed period of time as determined by the issuing help desk administrator.

Many organizations are providing passwordless experience to their users to access SaaS/Web applications using FIDO2 as a primary authentication method.  In the May release, users who are using FIDO2 when configured for primary authentication, lose or misplace their security key, can obtain an Emergency Access Code (EAC) as authenticator to gain access to their critical resources protected by FIDO with no loss in productivity.  And they can logon to the RSA My Page Self Service Portal with their EAC to begin the process begin the process of enrolling to obtain a replacement FIDO Security Key.


Improved Security for Administrators Who Require Resetting Their Password

The password reset process for all administrators has been made more secure.  For existing administrators, to securely reset any Cloud Administration Console password, the password reset must be completed within two hours of requesting the password reset link. 


See the May Release Notes which provides complete details on these new capabilities and other miscellaneous updates coming out in the May 2020 release. 

Calling all RSA Authentication Manager (AM) customers!  Interested in enabling your end users to have a more convenient and secure modern multi-factor authentication experience?   Now is the time to act. 


What is really exciting, is that you can enhance the end user experience without disrupting or changing your existing authentication agent infrastructure.  Users can authenticate using their SecurID pin + mobile "push-to-approve" to existing SecurID agents such as VPN, PAM and RADIUS clients without the need to disrupt existing user populations. 


RSA has just announced the release of RSA Authentication Manager 8.4 Patch 4 which has several new features that provides an easy and efficient approach to adopting multi-factor authentication.     

  • Accelerate the time value by simply clicking on new wizard button:  From the AM console, super administrators can easily connect RSA Authentication Manager to the cloud authentication service and perform a test authentication for validation.  This process will require you to copy a Registration Code and URL from the Cloud Authentication Service into the wizard to establish a one-way secure SSL channel between AM and the Cloud Authentication Service.  For additional security, add a proxy server.  
  • Invite users to register for modern mobile MFA directly from the Manage Users page in the RSA Authentication Manager console:  A default email template is provided which can be customized to meet your internal communication requirements.  Simply select the users and an email will be sent that includes the URL to My Page the new RSA SecurID Access Self Service Page.  Establish a policy that requires your selected users to login to My Page.  Several options are available including using their existing SecurID token for added security.  Once in My Page, users can register their mobile device and download the Authenticate App.
  • Unified Management Console: Help Desk administrators can manage mixed token / MFA deployments through the enhanced unified management capabilities of the AM User Dashboard to rapidly troubleshoot and resolve end user calls.   


Four Easy Steps to get started now

  1. Contact your RSA Sales Representative or you RSA Channel Partner to get your RSA Cloud Tenant provisioned.   Take advantage of the free MFA Promotion currently available.
  2. Deploy the Cloud Authentication Service (IDR and Cloud Tenant); Connect the Identity Router component to the same Identity Source that your RSA Authentication Manager is connected to. 
  3. Enable the new SecurID Access My Page self-service console; Select a policy to access My Page
  4. Download and install RSA Authentication Manager AM 8.4 Patch 4.  Click on the “Configure the Connection: Button from the AM Security Console to create the secure channel and invite users to register and enroll.


For more information, click here:  Modern-MFA

With the availability of RSA Authentication Manager (AM) v8.3, you now have the option to transition your RSA SecurID® Access deployment to the cloud and take advantage of the business agility, and economies of scale that Amazon Web Services (AWS) cloud computing offers. Create a hybrid or full Virtual Private Cloud (VPC) solution that best meet your business needs.

Create Hybrid or Full AWS Virtual Private Cloud solutions

In a Hybrid VPC model, the AM Primary instance and a Replica instance (for disaster recovery) are typically maintained in on-premise data centers for administration. Replica instances can be deployed in selected AWS regions to ensure 7x24 authentication services availability. In a full VPC deployment, all components: AM Primary, AM Replicas, Web Tiers, as well as devices protected with RSA SecurID Agents or RADIUS Clients can be moved to the cloud.

A major strength of RSA SecurID Access is the RSA Ready Partner Program where hundreds of products (VPNs, Load Balancers, Web Servers, Applications, etc.) have out-of-the-box interoperability with RSA SecurID Access. This will result in a smoother transition to the cloud. RSA strongly recommends that RSA Best Practices be maintained such as configuring Security Groups for secure connections to RSA SecurID Standard Agents or RADIUS Clients.

How to Obtain the AWS AMI

RSA has made it easy to obtain the RSA Authentication Manager AWS Machine Image (AMI). Existing RSA SecurID Access customers can simply contact RSA Customer Support. An RSA Customer Relations Desk representative will validate your RSA Support agreement and obtain your AWS Account Number (AWS Commercial or GovCloud) on your behalf. You will receive an email confirmation from RSA SaaS Operations indicating that the RSA Authentication Manager AMI located in the RSA Private AWS Community has been shared with your AWS account number. New customers can simply order the AMI at no charge. Contact your RSA account representative for more information.    

Configuring the AWS AMI

Configuring the AMI is easy. Simply login to your AWS Account EC2 console; choose AMI Private Image; search for the RSA Authentication Manager v8.3 AMI ID provided in the email notification and follow the instructions to Choose & Configure Instance Type, Add Storage, Add Tags, Review, and Launch the AMI. Be sure to keep all necessary information provided, including the RSA AM Quick Setup URL and the Quick Setup Access Code. Go to your browser, enter the URL and access code, and you’re ready to configure an AM primary or replica instance.


More than Just an AMI

RSA Authentication Manager v8.3 also includes a number of new features that make it easier to manage your RSA SecurID Access solution - improved agent visibility & reporting, efficient auto-assignment of tokens by expiration date and added search by token serial number capabilities in the User Dashboard.  

RSA Authentication Manager 8.3 Amazon Web Services (AWS) Virtual Appliance Getting Started

Filter Blog

By date: By tag: