RSA SecurID Access provides preconfigured assurance levels. You can add or remove options for each level.
Before you begin
You must be a Super Admin to perform this task. Understand these guidelines and best practices:
- The first time users authenticate, they are prompted for the first option configured in the list for that assurance level. Make sure you configure options in the correct order for each level. For details on how options are presented to users for each deployment type, see Assurance Levels.
- If your company includes multiple deployment types, make sure your assurance levels contain enough options to support each type. For example, a deployment might support SSO Agent, RADIUS, and relying parties. An assurance level can require FIDO Tokens for users gaining access through the SSO Agent, but it must provide additional options for users gaining access through RADIUS or relying parties. For a complete list of supported authentication methods for each deployment type, see Supported Authentication Methods.
- You can configure an option only once. For example, if you select Fingerprint at the Medium assurance level, you cannot configure this option for another level. If you select the combination option such as SecurID Token and Approve for the High level, you cannot configure this option for another level.
- If you have enabled the setting to require users to authenticate with Fingerprint Verification or PIN to view the RSA SecurID Authenticate Tokencode, consider not adding Fingerprint as an authentication method in the same assurance level as the tokencode. Otherwise, Fingerprint Verification could be used by two authentication methods in the same assurance level.
- You can delete all options from an assurance level, but an access policy cannot specify a level that has no options.
- If your company does not use an option, you can remove that option from all assurance levels.
- Ensure that users can authenticate with at least one option from each assurance level that they will use.
- In the Cloud Administration Console, click Access > Assurance Levels.
- On the Assurance Levels page, you can do the following:
- (Optional) To add an option to an assurance level, click Add.
- (Optional) Select options from the drop-down menus. The menus are dynamic and list only options that are not currently being used.
- (Optional) To remove an option from an assurance level, click the delete symbol next to the option.
- Click Save.
- (Optional) Click Publish Changes to activate the settings immediately.