RSA Authentication Manager is a multi-factor authentication solution that verifies authentication requests and centrally administers authentication policies for enterprise networks. Use Authentication Manager to manage security tokens, users, multiple applications, agents, and resources across physical sites and in the Cloud, and to help secure access to network, Cloud, and web-accessible applications, such as SSL-VPNs and web portals.
Passwords are a weak form of authentication because access is protected only by a single factor — a secret word or phrase selected by the user. If this password is discovered by the wrong person, the security of the entire system is compromised. Multifactor authentication provides stronger protection by requiring two or more unique factors to verify a user’s identity. Authentication factors in a multifactor system may include:
- Something the user knows (a password, passphrase, or PIN)
- Something the user has (a hardware token, laptop computer, or mobile phone)
- Something the user does (specific actions or a pattern of behavior)
The RSA SecurID Access Base Edition, Enterprise Edition, and Premium Edition include both Authentication Manager and the Cloud Authentication Service. The Cloud Authentication Service supports multiple forms of authentication, such as mobile-optimized push notification (Approve), device biometrics, and standards-based FIDO tokens.
Integrating Authentication Manager and the Cloud Authentication Service
Integrating Authentication Manager with the Cloud Authentication Service offers opportunities to expand the resources you protect and the authentication methods you make available to users.
|If you want users to access these resources||Use these authentication methods||See instructions|
|SaaS and on-premises web applications and RADIUS clients protected by the Cloud Authentication Service||RSA SecurID tokens||Enable RSA SecurID Token Users to Access Resources Protected by the Cloud Authentication Service on RSA Link|
|Agent-protected resources||Authenticate Tokencode *||Enable Cloud Authentication Service Users to access Resources Protected by RSA SecurID on RSA Link|
* Users install the RSA SecurID Authenticate app on a supported device to use Approve or generate tokencodes.
If you have an RSA Authentication Manager RADIUS deployment, expand the authentication methods available to users by moving to RADIUS for the Cloud Authentication Service. This path involves configuring a RADIUS client in the Cloud Authentication Service to protect the resources that are currently protected by RADIUS in Authentication Manager. For instructions, see RADIUS for the Cloud Authentication Service Overview on RSA Link.
To deploy the Cloud Authentication Service, contact your RSA Sales representative.
Additional Choices for Strong Authentication
In addition, Authentication Manager provides the following choices for strong authentication:
- RSA SecurID tokens. Hardware and software tokens provide tokencodes that enable users to authenticate and access resources protected by Authentication Manager and the Cloud Authentication Service.
A tokencode is a pseudorandom number, usually six digits in length. Tokencodes are time-based, changing at regular intervals. To gain access to protected resources, a user enters a personal identification number (SecurID PIN) + the number displayed on the token (tokencode). The combination of the SecurID PIN and the tokencode is called a passcode.
The user is granted access only if Authentication Manager validates the passcode. Otherwise, the user is denied access. Authentication Manager also supports pinless SecurID authentication, in which case a SecurID PIN is not required.
- Risk-based authentication (RBA). Strengthens RSA SecurID authentication and traditional password-based authentication by discreetly analyzing user behavior and the device from which a user authenticates to identify potentially risky or fraudulent authentication attempts. When RBA is used to protect a network resource, the system determines the assurance level of each authentication attempt based on the user’s profile, authentication device, and authentication history.
- On-demand authentication (ODA). Delivers a one-time tokencode to a user by way of e-mail or Short Message Service (SMS). This tokencode, combined with a PIN known only by the user, enables strong two-factor authentication without the need for a physical token or dedicated authentication device. You can use ODA as a standalone authentication method or as an identity confirmation method for RBA.
Copyright © 1994 - 2019 Dell Inc. or its subsidiaries. All Rights Reserved.