RSA SecurID Access Cloud Authentication Service Deployment

Document created by Dihanna Thomas Employee on Jul 18, 2017Last modified by Connor Mccarthy on Dec 1, 2017
Version 3Show Document
  • View in full screen mode






In order to register for a class, you need to first create an EMC account
If you need further assistance, contact us




This training course offers hands-on training on the deployment and configuration of Enterprise, and Premium Edition components of an RSA SecurID Access system.



Students leave this training course with the experience of deploying and configuring RSA SecurID Access Identity Router, SSO Agent, and Identity Assurance system components.


The architecture and deployment options for on-premise and cloud-based components are described to provide a comprehensive security and single sign-on solution. Extensive hands-on exercises provide the experience of deploying system components and configuring a variety of authentication options.


This course assumes that the student has met the suggested prerequisite training.



IT or other technical personnel who install, service and support RSA SecurID Access deployments.

Delivery Type

Virtual Classroom


3 days


Prerequisite Knowledge/Skills

Students should have familiarity with the concepts of: strong (multi-factor) user authentication, cloud applications, single sign-on, and networking communication.


Students should complete the following RSA University on-demand learning courses prior to attending this course:

  • Introduction to the RSA SecurID Access Solution
  • Introduction to RSA SecurID Access Architecture


Students must have their own computer and internet connectivity to participate in on-line classes and must provide their own mobile device (smartphone or tablet) to complete exercises involving the RSA SecurID Access Authenticate mobile app.


Learning Objectives

Upon successful completion of this training, participants should be able to:

  • Plan and perform the pre-deployment, deployment, and configuration tasks to complete an operational environment to support single sign-on and multi-factor authentication
  • Configure system-level parameters
  • Configure and connect to LDAP Identity Sources/User Stores
  • Install and configure the RSA Identity Router
  • Know how to construct a system to provide high availability and redundancy/failover capabilities


Course Outline

  • RSA SecurID Access identity Router and Hosted Service Architecture
    • Single and High Availability deployments
    • Network connectivity and port requirements
  • Identity Router Implementation Overview
    • Implementation planning and checklist
    • Initial console connection
  • Deploying the Identity Router
    • Downloading the Identity Router image
    • VMware image deployment and VMware Console configurations
    • Identity Router Setup Web Console
    • Obtaining Identity Router updates
  • Clustering
    • Cluster overview
    • Cluster quorums
    • Cluster backups for User Profiles
  • System Configurations
    • System Digital Certificates
    • Connecting an Identity Source
    • User Application Portal
  • SSO Agent Configuration
    • Configuring the Application Portal
    • Creating Access Policies
      • Rules and Rule Sets
      • Assurance Level
    • Adding Web Applications
      • Application Catalog and Template options
      • Application Availability and Visibility
  • Configuring SAML Applications
    • IdP-Initiated and SP-Initiated SSO Profiles


  • Configuring Integrated Windows Authentication (IWA)
    • Deploying IWA
    • Installing the IWA Connector
    • Adding IWA as an Identity Provider
  • RSA Authentication Agent Access Polices and Step-up Authentication
    • Creating Access Policies
    • Configuring Integrated Windows Authentication
  • Configuring Identity Assurance functions
    • Establishing Assurance Levels
    • Configuring Trusted Locations and Trusted networks
    • Authentication Requirements and Condition Attributes
  • Mobile Multi-factor Authentication
    • RSA SecurID Access Authenticator registration
  • Connecting the SSO Agent to RSA Authentication Manager
    • Configuring a Static Route to
      RSA Authentication Manager
    • Using an RSA SecurID passcode for authentication in the Application Portal
  • Integrating an RSA SecurID Access Identity Router with an RSA Authentication Manager token server
    • Establishing a trust relationship to an Identity Router
  • Configuring the RADIUS server
    • Adding a RADIUS Client record
  • Troubleshooting and Maintenance
    • Creating and viewing a Log Bundle
    • Managing version updates/upgrades






In order to register for a class, you need to first create an EMC account
If you need further assistance, contact us