Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000036925 - Why use RSA SecurID Access AD FS SAML integration rather than the RSA Authentication Agent for Microsoft AD FS

Document created by RSA Customer Support

on Nov 19, 2018•Last modified by RSA Customer Support

on Jul 16, 2019

Version 3Show Document

Like • Show 1 Like1
Comment • 0
View in full screen mode

Article Content

Article Number	000036925
Applies To	RSA Product Set: SecurID Access
Issue	Microsoft Active Directory Federation Services (AD FS) can be protected by the SecurID Access Cloud Authentication Service via two distinct RSA integration methods: RSA Authentication Agent for Active Directory Federation Services (AD FS) SAML integration with the RSA Cloud Authentication Service It is not clear if there are advantages to one integration method versus the other.
Resolution	For most scenarios, integrating with the RSA Authentication Agent 2.0 for Microsoft AD FS or higher is the recommended solution. This allows you to keep utilizing your AD FS environment for SSO while adding advanced RSA authentication methods for additional authentication. However, there are some situations where SAML integration may be the better choice: Require SecurID as the primary authentication method and AD FS is running on Windows Server 2012 or 2016 (the agent can only provide additional/secondary authentication unless AD FS is running on Windows Server 2019 or later). Require FIDO token authentication (FIDO is not supported by the agent). Prefer not to install and maintain additional software on your AD FS server(s). The agent must be installed on each AD FS server in your server farm.

Attachments

Outcomes

0 Comments

Recommended Content