000035520 - Getting started with the RSA SecurID Access Cloud Authentication Service

Document created by RSA Customer Support Employee on Sep 14, 2017Last modified by RSA Customer Support Employee on Feb 23, 2018
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000035520
Applies ToRSA Product Set: SecurID Access
RSA Product/Service Type: Cloud and Identity Router, Cloud Authentication Service
IssueThe RSA SecurID Access Cloud Authentication Service is a partly SaaS and partly on premise product, so installation and configuration does not follow a traditional software path.  This article provides information and references to help you through the initial deployment of the service.
TasksThese steps will guide you through the initial deployment process, including provisioning, planning, initial credentials, downloads, installation and configuration.

Setup and configuration steps

  1. Initial setup of the Cloud Authentication Service will begin when RSA provisions your deployment in either an EMEA- or Americas- based Microsoft Azure cloud.  This will normally be triggered to occur when RSA processes your sales order. 
  2. Deployment planning can start at any time and can continue while RSA provisions your new cloud deployment.  The two main planning steps are:
    1. Read the RSA SecurID Access Cloud Authentication Service Planning Guide.  This will help you to select the first product feature and architectural option that will be used.  The options, subject to your RSA SecurID Access License, are:


        Product features

        • RADIUS
        • Relying Party (Service Provider)
        • SSO Agent



        • Single Identity Router.
        • Single Identity Router plus a standby Identity Router
        • High availability Identity Router architecture
        • High availability Identity Router architecture and a single standby Identity Router
        • High availability Identity Router architecture and a high availability Identity Router Standby architecture
        • Geographically distributed high availability Identity Router architecture
    2. Complete the RSA SecurID Access Solution Architecture Workbook .  This is strongly recommended.  The workbook can be downloaded from the RSA SecurID Access Downloads page (RSA Link registration required).
  3. When provisioning has been completed by RSA, RSA will send an email containing your initial Super Admin credentials, URL and instructions needed to start configuration.  The email will be sent to the contact email address for your organization, previously given to RSA Sales or the RSA Partner with whom you have been working.  Note that a license file is not required for the Cloud Authentication Service or Identity Router. 
  4. Once all the above steps have been done, you are ready to configure your deployment.  Follow the Setup Checklist for your chosen deployment option:  RADIUS, Relying Party or SSO Agent.  The Setup Checklists are given in the RSA SecurID Access Cloud Authentication Service Setup and Configuration Guide, in Chapter 2 (Planning Your RSA SecurID Access Deployment) and include instructions for downloading and installing the RSA Identity Router. The checklists are:
    • Setup Checklist for a New Deployment with a Relying Party,
    • Setup Checklist for a New Deployment with a RADIUS Client, and
    • Setup Checklist for a New Deployment with the SSO Agent

The checklists are also available in the online RSA SecurID Access Help, in the RSA SecurID Access Product Overview section.

If you have chosen an architecture with more than one Identity Router, we recommend first testing and confirming the deployment is working with one Identity Router, then adding additional standby and/or clustered Identity Routers, as required.

Getting help during setup and configuration

If you have engaged RSA Professional Services or an RSA Partner to plan and/or setup and configure the Cloud Authentication Service:

  • They will do some or all of the steps above for you, according to the Statement of Work.  They should be your first point of contact if you have any questions during this process, and any subsequent warranty period.
If you are setting up and configuring the Cloud Authentication Service yourself and have questions or encounter issues with the Service, you may contact:

  • RSA Sales or the RSA Partner you have been working with, particularly for problems related to your sales order, licensing, product package, etc.
  • RSA Support for any questions or issues, or for help contacting RSA Sales.
Note that RSA Support is a reactive service only.  It does not provide a step-by-step planning or implementation service.  Support is available to help with specific issues and questions that arise while you do this work.

Other Resources