Users can access RSA SecurID-protected resources with Authenticate Tokencode when the Cloud Authentication Service or the connection is temporarily unavailable or too slow. Users who authenticate with methods that are supported by the Authenticate app, such as Approve and Device Biometrics, are prompted for Authenticate Tokencode. This feature does not support forwarding RADIUS authentication to the Cloud Authentication Service or authentication to SaaS applications.
Before you begin
License usage does not increase for users who already have a registered authenticator.
- Connect RSA Authentication Manager to the Cloud Authentication Service.
You must have either a direct connection between RSA Authentication Manager 8.5 and the Cloud Authentication Service or a connection that uses the embedded identity router in Authentication Manager. This feature does not support a connection that uses identity routers on platforms in your on-premises network or in the Amazon Web Services cloud.
- The Cloud Authentication Service mapping for Primary Username and Authentication Manager mapping for UID must point to the same attribute in the identity source. When the Cloud Authentication Service sends token records to Authentication Manager, Authentication Manager uses the securIDUsername field from the token records to find users in the identity source that is synchronized to the Cloud Authentication Service.
- Enable High Availability Tokencodes in the Cloud Administration Console:
- In the Cloud Administration Console, click Platform > Authentication Manager.
- In the High Availability Token field, click Enable.
- Click Publish Changes to apply the configured settings.