All administrators sign in to the Cloud Administration Console using the passwords configured in My Account > Profile, but you can require additional authentication such as a tokencode or push notification (Approve). After you enable additional authentication, the console is automatically configured as a SAML service provider, while the Cloud Authentication Service acts as the SAML identity provider.
Note: If no Super Admins in your company can provide the required authentication credentials to access the console, RSA Customer Support can temporarily disable the additional authentication requirement, allowing administrators to gain access using only their passwords. RSA sends all Super Admins an email notification after additional authentication has been disabled.
Before you begin
- You must be a Super Admin for the Cloud Administration Console.
- All administrators who use the Cloud Administration Console must have two accounts: a user account in an identity source that RSA SecurID Access is configured to use, and an administrator account in the Cloud Administration Console. Both accounts must use the same email address.
- Verify that the identity source containing the administrator accounts is synchronized, ensuring that the administrators' identity information is available to the Cloud Authentication Service. You can click Users > Management to see if specific administrators have been synchronized.
  Note: After identity source synchronization, administrators continue to sign in to the Cloud Administration Console using the passwords configured in My Account > Profile. Identity source passwords are never used to access the console.
- Add an access policy to configure the console authentication requirements. The policy must specify the identity source containing the administrators' records. When you select an assurance level, keep in mind that FIDO Token is not supported for protecting the console. For instructions, see Add an Access Policy.
- Make sure all administrators have the authentication credentials they need to access the console. For example, each person might need an RSA SecurID Token or the RSA SecurID Authenticate app on a registered device.
- Enable additional authentication for the console and select an access policy.
  - In the Cloud Administration Console, click My Account > Company Settings and select the Sessions & Authentication tab.
  - In the Additional Authentication field, click Enable.
  - In the Access Policy for Additional Authentication field, select a policy to enforce authentication requirements for the console.
  - Click Save Settings.
- Click Publish Changes to activate the settings. Additional authentication is required immediately after you publish.