RSA SecurID Access Implementation End-to-End

Document created by Matthew Bradley Employee on Oct 2, 2017Last modified by Matthew Bradley Employee on Nov 6, 2018
Version 16Show Document
  • View in full screen mode

Schedule & Register

Schedule Only 



In order to register for a class, you need to first create an EMC account 

If you need further assistance, contact us


This training course offers hands-on training on the installation and configuration of Base, Enterprise, and Premium Edition components of an RSA SecurID Access system.



Students leave this classroom-based training with the experience of installing, deploying and configuring RSA SecurID Access system components to model a comprehensive and high availability authentication solution.

The architecture and deployment options of on-premise and cloud-based components are described to provide both perimeter and application access protection. Extensive hands-on exercises provide the experience of deploying operational systems and configuring a variety of authentication options.

This course assumes that the student has met the suggested prerequisite training or has equivalent operation and administrative experience with the RSA SecurID Access product line – this course does not cover administrative tasks in depth.

The RSA SecurID Access Deployment End-To-End course consists of two courses: RSA Authentication Manager Installation and Configuration AND RSA SecurID Access Cloud Authentication Service Deployment. The End-To-End packaging allows these courses to be ordered and scheduled together for convenience.

If you prefer to attend RSA Authentication Manager Installation and Configuration and/or RSA SecurID Access Cloud Authentication Service Deployment courses separately, please view those specific course schedules to register for the dates that best suit your schedule or consider an On-Demand Classroom delivery option.



IT or other technical personnel who install, service and support RSA SecurID Access deployments.

Delivery Type


5 days


Learning Objectives

Students should have familiarity with the concepts of: strong (multi-factor) user authentication, cloud applications, single sign-on, and networking communication as well as a general familiarity with virtual machine deployments and Windows and Linux operating systems.

Students should complete the following RSA University on-demand learning courses prior to attending this course:

For students who will work extensively with RSA Authentication Manager, it is suggested that the RSA Authentication Manager Administration course be completed prior to attending this course.

Students must have their own computer and internet connectivity to participate in on-line classes and must provide their own mobile device (smartphone or tablet) to complete exercises involving the RSA SecurID Access Authenticator mobile app.


Course Outline

  • RSA Authentication Manager System Architecture
    • Primary and Replica instances
    • Authentication Agents and communication paths
    • Identity Sources
    • Web Tier component
    • RADIUS communication


  • Deployment Scenarios and Planning
    • Deployment and Installation planning
    • Using CT-KIP for software token deploymen


  • Token Server Deployment
    • Pre-Installation requirements and considerations; Supported VMware environments and features
    • Hardware Appliance deployment
    • Deployment process and steps


  • System Configurations
    • System-wide configuration options


  • Authentication Agent Configurations
    • Functions and features of representative Authentication Agent installations for Microsoft Windows and Linux operating systems


  • Web Tier Installation
    • Requirements and installation process for the Web Tier component
    • Customizing the end user interface
    • End user Self-service Configuration


  • System Utilities
    • Using the Command-line Utility package
    • Installing and configuring the Windows MMC snap-in
    • Managing Realm trusts
    • Setting up the Credential Manager for provisioning


  • RADIUS Server Configuration
    • RADIUS functions and capabilities
    • Primary and Replica RADIUS servers
    • Managing RADIUS users 


  • Replica Instances
    • Strategies for dealing with primary instance failures and replica promotion
    • Creating replica packages
    • Establishing preferred and failover servers for Authentication Agents


  • Integrating an RSA SecurID Access Identity Router with an RSA Authentication Manager token server
    • Establishing a trust relationship to an Identity Router


  • RSA SecurID Access identity Router and Hosted Service Architecture
    • Single and High Availability deployments
    • Network connectivity and port requirement
  • Identity Router Implementation Overview
    • Implementation planning and checklist
    • Initial console connection


  • Deploying the Identity Router
    • Downloading the Identity Router image
    • VMware image deployment and VMware Console configurations
    • Identity Router Setup Web Console
    • Obtaining Identity Router updates


  • Clustering
    • Cluster overview
    • Cluster quorums
    • Cluster backups for User Profiles


  • System Configurations
    • System Digital Certificates
    • Connecting an Identity Source
    • User Application Portal


  • SSO Agent Configuration
    • Configuring the Application Portal
    • Creating Access Policies
      • Rules and Rule Sets
      • Assurance Level
    • Adding Web Applications
      • Application Catalog and Template options
      • Application Availability and Visibility


  • Configuring SAML Applications
    • IdP-Initiated and SP-Initiated SSO Profiles


  • Configuring Integrated Windows Authentication (IWA)
    • Deploying IWA
    • Installing the IWA Connector
    • Adding IWA as an Identity Provider


  • Connecting the SSO Agent to RSA Authentication Manager
    • Configuring a Static Route to RSA Authentication Manager
    • Using an RSA SecurID passcode for authentication in the Application Portal


  • RSA Authentication Agent Access Polices and Step-up Authentication
    • Creating Access Policies
    • Configuring Integrated Windows Authentication


  • Configuring Identity Assurance functions
    • Establishing Assurance Levels
    • Configuring Trusted Locations and Trusted networks
    • Authentication Requirements and Condition Attributes


  • Mobile Multi-factor Authentication
    • RSASecurID Access Authenticator registration

Schedule & Register

Schedule Only



In order to register for a class, you need to first create an EMC account

If you need further assistance, contact us