Introduction to RSA Authentication Manager

Document created by RSA Information Design and Development on Jun 13, 2017Last modified by RSA Information Design and Development on Jun 13, 2017
Version 2Show Document
  • View in full screen mode

RSA Authentication Manager is a multi-factor authentication solution that verifies authentication requests and centrally administers authentication policies for enterprise networks. Use Authentication Manager to manage security tokens, users, multiple applications, agents, and resources across physical sites, and to help secure access to network and web-accessible applications, such as SSL-VPNs and web portals.

How RSA Authentication Manager Protects Your Network

RSA Authentication Manager protects resources on your network by requiring users to authenticate using multi-factor authentication methods.

Passwords are a weak form of authentication because access is protected only by a single factor — a secret word or phrase selected by the user. If this password is discovered by the wrong person, the security of the entire system is compromised. Multi-factor authentication provides stronger protection by requiring two or more unique factors to verify a user’s identity. Authentication factors in a multi-factor system may include:

  • Something the user knows (a password, passphrase, or PIN)
  • Something the user has (a hardware token, laptop computer, or mobile phone)
  • Something the user does (specific actions or a pattern of behavior)

Authentication Manager provides the following choices for strong authentication:

RSA SecurID tokens. Hardware and software tokens provide tokencodes that enable users to authenticate and access resources protected by Authentication Manager.

A tokencode is a pseudorandom number, usually eight digits in length. Tokencodes are time-based, changing at regular intervals.

To gain access to protected resources, a user enters a personal identification number (SecurID PIN) + the number displayed on the token (tokencode). The combination of the SecurID PIN and the tokencode is called a passcode.

The user is granted access only if Authentication Manager validates the passcode. Otherwise, the user is denied access. Authentication Manager also supports pinless SecurID authentication, in which case a SecurID PIN is not required.

Risk-based authentication (RBA). Strengthens RSA SecurID authentication and traditional password-based authentication by discreetly analyzing user behavior and the device from which a user authenticates to identify potentially risky or fraudulent authentication attempts. When RBA is used to protect a network resource, the system determines the assurance level of each authentication attempt based on the user’s profile, authentication device, and authentication history.

On-demand authentication (ODA). Delivers a one-time tokencode to a user by way of e-mail or Short Message Service (SMS). This tokencode, combined with a PIN known only by the user, enables strong two-factor authentication without the need for a physical token or dedicated authentication device. You can use ODA as a standalone authentication method or as an identity confirmation method for RBA.

Authentication Manager is scalable and can authenticate up to one million users. It is interoperable with a wide variety of applications. For a list of supported applications, go to




Copyright © 1994 - 2017 EMC Corporation. All Rights Reserved.