RSA SecurID Access Editions

Document created by RSA Information Design and Development Employee on Apr 14, 2017Last modified by RSA Information Design and Development Employee on Jan 19, 2021
Version 45Show Document
  • View in full screen mode

RSA SecurID Access offers three editions: Base Edition, Enterprise Edition, and Premium Edition. For details, see:

Authentication Components

The following table shows the authentication software available with each edition.

 Base EditionEnterprise EditionPremium Edition

Authentication Manager Server:

1 Primary Instance, 1 Replica Instance


Cloud Authentication Service


Authentication Manager Server:

1 Primary Instance and up to 15 Replica Instances

Authentication Manager server with Authentication Manager Bulk Administration (AMBA) xx

RSA SecurID Access Federal

RSA offers a FedRAMP-authorized version of each RSA SecurID Access edition. RSA SecurID Access Federal includes code changes for FedRAMP compliance.

RSA SecurID Access Federal does not support authentication with SMS Tokencode or Voice Tokencode.

Authentication Agents

All RSA SecurID Access editions support the following authentication agents:

  • Standard agents: IIS/Apache, Windows (RSA Authentication Agent and RSA MFA Agent), PAM, Citrix, ADFS

  • 400+ RSA Ready SecurID agents (VPN, perimeter & on-premises)

  • RADIUS agents with token support

  • RSA SecurID Authentication API - deployed on-premises

  • RADIUS agents with push and biometrics support

  • Cloud SAML authentication

  • Authentication API - cloud deployed

  • SSO Agent for SaaS and web (SAML, proxy, and password vault)

Authentication Methods

All RSA SecurID Access editions support the following authentication methods:

  • SecurID hardware and software tokens, on-demand authentication (ODA/SMS)

  • Authenticate App: Tokencode, Approve, or Device Biometrics (such as Fingerprint, Face ID, or Windows Hello)

  • Integrated SMS Tokencode and Voice Tokencode

  • Emergency Tokencode

Enterprise or Premium Edition is required to enable third-party FIDO authenticators.

Individual authenticators are sold separately.

Access Policy Attributes

The Cloud Authentication Service allows you to use specific attributes in access policy conditional expressions. These expressions are used to determine authentication requirements and who is allowed or denied access to resources. The following table shows which attributes are available with each edition.


Access Policy AttributesBase EditionEnterprise EditionPremium Edition
Identity source attributes (used in rule sets to select target population for policy)xxx
IP address (conditional attribute)xxx

Additional conditional attributes:

  • Authentication Type

  • Authentication Source

  • Country

  • Known Browser

  • Trusted Location

  • Trusted Network

  • User Agent


Premium Edition attributes include all attributes listed above and the following conditional attributes:

  • High-Risk User List

  • Identity Confidence


Note:  If your deployment is downgraded from Premium Edition to Enterprise Edition, you must examine your access policies and edit them if necessary to ensure that they comply with the Enterprise Edition license. Policies that are not up-to-date can result in authentication failures.





You are here
Table of Contents > Product Basics > RSA SecurID Access Editions
1 person found this helpful