RSA SecurID Authenticate Device Registration

Document created by RSA Information Design and Development on Jul 14, 2016Last modified by Andrea Taylor on Sep 20, 2018
Version 30Show Document
  • View in full screen mode

  

Users complete RSA SecurID Authenticate device registration so that they can use the RSA SecurID Authenticate app (registered on a phone, tablet, or desktop or PC) to authenticate to protected applications.

 

Device registration binds the device to the user. After device registration, when the user needs to authenticate to an application, RSA SecurID Access prompts the user for methods that the user can complete, for example, Approve, RSA SecurID Authenticate Tokencode, or Device Biometrics. Users who do not register a device using the RSA SecurID Authenticate app are not presented with authentication methods that require the app.

SMS Tokencode, Voice Tokencode, FIDO token, and RSA SecurID token do not require this type of registration.

A user can register a single device with the RSA SecurID Authenticate app installed.

 

How Device Registration Works

Users can complete device registration in one of two ways:

  • Download the RSA SecurID Authenticate app on a device (iOS, Android, or Windows 10) and enter the identity source email address, your Company ID, and the identity source password (as the Registration Code) in the app.

    You can use the Device Registration Using Password policy to restrict which users are allowed to complete device registration using an identity source password as the registration code. For more information, see Device Registration Using Password Policy.

  • Use RSA SecurID Access My Page, a web portal that helps provide a secure way for users to complete device registration using multifactor authentication and QR or numeric registration codes. Users sign into My Page on one device (for example, a computer), download the RSA SecurID Authenticate app on another device (iOS, Android, or Windows 10), scan a QR code, and complete an optional test authentication. Users can also manually enter a numeric registration code if they are unable to scan a QR code.

    By default, My Page is disabled. You must enable it in Platform > My Page before users can use My Page. When you enable My Page, you also select the primary authentication method and the policy to use for additional authentication for signing into My Page.

For a complete overview of the steps users perform to complete device registration, see RSA SecurID Authenticate Device Registration Overview. For rollout information, see RSA SecurID Access Rollout to Users.

 

Device Registration and User or Device Changes

The following table summarizes how RSA SecurID Access handles device registration with user or device changes.

                      
SituationHow RSA SecurID Access Handles It
A user completes device registration, deletes or uninstalls the RSA SecurID Authenticate app, and then later needs to complete device registration again on the same device.The user installs the RSA SecurID Authenticate app again and re-registers the device without administrative action.
 
  • A user completes device registration on one device and then gets a new device. The user needs to complete device registration on the new device.
  • A user performs a factory reset on a registered device and wants to reinstall the app on the same device.

The administrator must delete the user's current device before the user can complete device registration on the new device.

 
  • An existing user who has completed device registration on the device no longer needs the device and gives the device to a new user.
  • An existing user who has completed device registration on the device no longer needs the device, performs a factory reset, and gives the device to a new user.
 
  1. If necessary, the existing user deletes the RSA SecurID Authenticate app.
  2. The new user installs the app and completes device registration without administrative action.
 

Device Registration with Multiple Companies

An individual user can use the RSA SecurID Authenticate app on a single registered device to authenticate to resources protected by up to five different companies.

For example, a user who is a contractor for both Company A and Company B can use a single device to perform step-up authentication to access both companies. The user registers the device for one company and uses the My Account screen to add additional companies as needed.

An administrator might use a single device for testing the behavior of the RSA SecurID Authenticate app for a company's testing environment and production environment. In this case, each environment has a unique company ID that the administrator uses when registering the device with each environment.

If an administrator for one company uses the Cloud Administration Console to delete a user's registered device, the RSA SecurID Authenticate app on the user's device continues to work normally for any other companies. The activity from one company does not affect the app behavior for other companies.

 

 

 

 

 

You are here

Table of Contents > Users and Devices > Device Registration

Attachments

    Outcomes