Device registration binds a device (phone, tablet, or desktop or PC) to a user. It is a prerequisite for using a device to authenticate to a protected application using RSA SecurID Access.
Purpose of Device Registration
The purpose of registering a device is to authenticate using methods that are specific to the device, for example, Approve, RSA SecurID Authenticate Tokencode, and Device Biometrics on an iOS or Android mobile device. SMS Tokencode, Voice Tokencode, FIDO token, and RSA SecurID token do no require this type of registration.
Note: Users who do not register a device using the RSA SecurID Authenticate app are not presented with authentication methods that require the app.
A user can register a single device with the RSA SecurID Authenticate app installed.
When Device Registration Occurs
A device becomes registered when the user installs the RSA SecurID Authenticate app and follows the prompts in the app. During this process, a user does the following:
- Accepts the license agreement.
- Enters the identity source email address (called User ID), your RSA SecurID Access company ID, and the identity source password.
Device Registration and User or Device Changes
The following table summarizes how RSA SecurID Access handles device registration with user or device changes.
|Situation||How RSA SecurID Access Handles It|
|A user completes device registration, deletes or uninstalls the RSA SecurID Authenticate app, and then later needs to complete device registration again on the same device.||The user installs the RSA SecurID Authenticate app again and re-registers the device without administrative action.|
| || |
The administrator must delete the user's current device before the user can complete device registration on the new device.
| || |
Device Registration with Multiple Companies
An individual user can use the RSA SecurID Authenticate app on a single registered device to authenticate to resources protected by up to five different companies.
For example, a user who is a contractor for both Company A and Company B can use a single device to perform step-up authentication to access both companies. The user registers the device for one company and uses the My Account screen to add additional companies as needed.
An administrator might use a single device for testing the behavior of the RSA SecurID Authenticate app for a company's testing environment and production environment. In this case, each environment has a unique company ID that the administrator uses when registering the device with each environment.
If an administrator for one company uses the Cloud Administration Console to delete a user's registered device, the RSA SecurID Authenticate app on the user's device continues to work normally for any other companies. The activity from one company does not affect the app behavior for other companies.