000036925 - Why use RSA SecurID Access AD FS SAML integration rather than the RSA Authentication Agent for Microsoft AD FS

Document created by RSA Customer Support Employee on Nov 19, 2018
Last modified by RSA Customer Support Employee on Jul 16, 2019
Version 3

Article Content

Article Number: 000036925
Applies To: RSA Product Set: SecurID Access
Issue: Microsoft Active Directory Federation Services (AD FS) can be protected by the SecurID Access Cloud Authentication Service via two distinct RSA integration methods:
It is not clear if there are advantages to one integration method versus the other.
Resolution: For most scenarios, integrating with the RSA Authentication Agent 2.0 for Microsoft AD FS or higher is the recommended solution. This allows you to keep utilizing your AD FS environment for SSO while adding advanced RSA authentication methods for additional authentication.

However, there are some situations where SAML integration may be the better choice:
  • You require SecurID as the primary authentication method and AD FS is running on Windows Server 2012 or 2016 (the agent can only provide additional/secondary authentication unless AD FS is running on Windows Server 2019 or later).
  • You require FIDO token authentication (FIDO is not supported by the agent).
  • You prefer not to install and maintain additional software on your AD FS server(s). The agent must be installed on each AD FS server in your server farm.