Controlling User Access With Authentication Agents

Document created by RSA Information Design and Development on Jun 13, 2017Last modified by RSA Information Design and Development on Jan 24, 2020
Version 13Show Document
  • View in full screen mode

After installing an agent, you configure the agent to control user access to protected resources. The following table describes how each agent configuration controls user access.


Agent Configuration

Who Can Authenticate



All users in the same deployment as the agent.

Less administrative burden because there is no need to configure an agent as a restricted agent, associate user groups with agents, or manage user membership of the user groups associated with the agent. However, you can grant a user group that is associated with a logon alias access to an unrestricted agent.


Members of any group directly granted access to the restricted agent.

Members of a group nested within a group granted access to the restricted agent.

Increases security because only a subset of users is allowed to authenticate to the agent, which allows you to limit access to specific network resources.

Restricted with group access time restrictions

Members of a group or nested group who authenticate during a specified time.

Further restricts access to the agent by prohibiting authentication outside of a specified time period.



We want your feedback! Tell us what you think of this page.