RSA SecurID Access Overview

Document created by RSA Information Design and Development Employee on Jul 15, 2016. Last modified by RSA Information Design and Development Employee on Jun 16, 2020.
Version 48

RSA SecurID Access provides the benefits and functionality of RSA Authentication Manager and the Cloud Authentication Service combined into one multifactor (MFA) solution. This integration enables new capabilities for existing RSA Authentication Manager Enterprise and Premium Edition customers. RSA SecurID Access provides:

  • More than just tokens. Select from a variety of secure and convenient authentication methods including mobile-optimized push notifications, device biometrics, and standards-based FIDO authenticators.

  • More ways to connect. Add policy-driven secure access and single sign-on to the leading web and SaaS applications through SAML, reverse proxy or password vaulting. Add strong authentication to your custom and third-party applications using the new REST-based RSA SecurID Authentication API and expanded RADIUS options.

  • Flexibility to mix and match. Use your existing RSA SecurID tokens to protect the cloud, use the RSA SecurID Authenticate app with traditional on-prem resources like VPNs, or mix-and-match to meet your unique requirements. The expanded features and services of RSA SecurID Access work with your existing RSA Authentication Manager solution and vice versa.

RSA Authentication Manager

RSA Authentication Manager is an on-premise multifactor authentication solution that helps secure access to network and web-accessible applications, such as SSL-VPNs and web portals. Authentication Manager verifies authentication requests, and centrally administers authentication policies, RSA SecurID hardware and software tokens, users, agents and resources across physical sites.

Authentication Manager provides the following choices for strong authentication:

  • RSA SecurID, which protects access using two-factor authentication with hardware and software-based tokens.

  • On-demand authentication (ODA), which protects access using two-factor authentication by sending authentication credentials to users upon request through SMS text messaging or e-mail.

  • Risk-based authentication (RBA), which protects access by assessing user behavior and matching the device being used to authenticate, in order to determine the risk level of an authentication attempt.

Cloud Authentication Service

The Cloud Authentication Service is an access and authentication platform with a hybrid on-premise and cloud-based service architecture. The Cloud Authentication Service helps secure access to SaaS and on-premise web applications for users, with a variety of authentication methods that provide multifactor identity assurance. The service helps increase user productivity with single sign-on (SSO) and enables a company to control how users access these applications with centralized access and authentication policies. The Cloud Authentication Service can also accept authentication requests from a third-party SSO solution or web application that has been configured to use RSA SecurID Access as the identity provider (IdP) for authentication.

The Cloud Authentication Service includes transparent and interactive methods for determining if a user is who he claims to be. Users can authenticate using the RSA SecurID Authenticate app, a software application that is self-registering, automatically seeded, and never expires. The app supports biometric methods (such as fingerprint, Face ID, and Windows Hello), push notifications, and tokencodes that can be protected by biometrics or a PIN. The Cloud Authentication Service also supports RSA SecurID hardware and software tokens, standards-based FIDO authenticators, and context-based authentication using factors such as the user's location and network. Confidence in a user's identity can also be established through risk analytics, based on user characteristics such as past behavior, devices previously used for authentication, and other factors.

Because users are enrolled for RSA SecurID Authenticate Tokencode automatically after registration with the RSA SecurID Authenticate app, you do not need to perform any additional steps to distribute this method.

Integrating RSA Authentication Manager and the Cloud Authentication Service

Integrating Authentication Manager with the Cloud Authentication Service offers opportunities to expand the resources you protect and the authentication methods you make available to users.

| If you want users to access these resources | Using these authenticators | See instructions |
|---|---|---|
| Agent-protected resources, and you have Authentication Manager 8.4 Patch 4 or later | RSA SecurID Authenticate app | Connect RSA Authentication Manager to the Cloud Authentication Service |
| SaaS and on-premises web applications and RADIUS clients protected by the Cloud Authentication Service | RSA SecurID tokens | Enable RSA SecurID Token Users to Access Resources Protected by the Cloud Authentication Service |

If you have an Authentication Manager RADIUS deployment, expand the authentication methods available to users by moving to RADIUS for the Cloud Authentication Service. Configure a RADIUS client in the Cloud Authentication Service to protect the resources that are currently protected by RADIUS in Authentication Manager. For instructions, see RADIUS for the Cloud Authentication Service Overview.

Identity Router

The identity router is a virtual appliance that communicates with the Cloud Authentication Service and enforces authentication and access for users of protected resources. The identity router can be deployed in your on-premises network or in the Amazon Web Services cloud. An identity router includes the following services:

  • An integrated RADIUS server, which allows users to access protected resources through RADIUS-capable devices.
  • SSO Agent, which manages SSO for applications that support SAML, hosts the application portal, and performs a variety of other functions.
  • Enterprise Connector, which connects the Cloud Authentication Service to services such as LDAP directories and RSA Authentication Manager.

RSA SecurID Authentication API

RSA SecurID Access provides the RSA SecurID Authentication API, a REST-based programming interface that allows you to develop clients that process multifactor, multistep authentications through RSA Authentication Manager and the Cloud Authentication Service. The interface definition can be integrated with any programming language. The Authentication API supports RSA Authentication Manager 8.2 Service Pack 1 or later. For instructions, see the RSA SecurID Authentication API Developer's Guide.

RSA SecurID Access Editions

RSA SecurID Access is available for Base, Enterprise, and Premium editions. For more information on features provided with each edition, see RSA SecurID Access Editions.



