When making a new purchase for either RSA SecurID hardware or software tokens or additional user licenses, be mindful that tokens and licenses are separate purchases. When working with your RSA sales rep or reseller, be sure to state that you want tokens, license or both. This prevents confusion and any delay in getting files to you.

RSA Authentication Manager licenses

An RSA Authentication Manager license provides the upper limit of the number of active users who are allowed in a deployment of the software. To view license information, 

1. Log in to the Security Console.
2. Browse to Setup > Licenses > Status, as shown here: 

3. In the screenshot above, the software license is for 100,000 users to have one or more authenticators assigned to them. Here, only 1,673 licenses have been used.

If you are assigning tokens to new users, but the Actual number is close to, or at the Limit number, specify during the purchase process that you need both a new license and additional token seeds. Once you reach the Actual number, you cannot assign more tokens to users.

The serial number can be found in the same location as when selecting View installed licenses. Select the drop-down on a LID number, and choose View.

Ensure that the new license is issued with a serial number that matches your currently installed production serial number. If you are using a trial license, see the article entitled The customer account identifier in the license does not match that stored in the system message when installing an RSA Authentication Manager license for steps to uninstall the trial before applying the production license.

 Note that the LID number shown in the Security Console are called out in the header information of the license.xml file. 

<license:licenseRecord xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:license="http://www.rsasecurity.com/schemas/2004/05/licenserecord.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" creationDate="2021-11-01T00:00:00.000+00:00" deployment="floating" id="LID000xxxxxxX" licenseCategory="production" version="1.0">

License limit has been exceeded message

This warning is an indicator that you have reached 95% of the license limit. Tokens can still be assigned but consider either unassigning tokens from users who no longer need them, or purchasing a larger license.

RSA SecurID hardware and software tokens

Each user can possess up to three authenticators or tokens which only count against the user license once. This is why there can be a difference between the Actual number that you see under license status compared to number of assigned tokens.

1. Log in to the Security Console.
2. Browse to Authentication > SecurID Tokens > Manage Existing.
3. Choose the Unassigned tab.
4. The page that is shown here displays the tokens that are installed in the system. As shown, search results can be filtered at left to show tokens that are not expired and are ready for use. 

RSA SecurID Risk Based Authentication (RBA) and On-Demand Authentication (ODA)

You must have an Enterprise License for Risk Based Authentication (RBA) or On-Demand Authentication to enable these options. Confirm the license type in the Security Console under Setup > License Status.

If a user does not have a token assigned, enabling them for RBA/ODA adds a user to both the users with assigned authenticators license and the RBA/ODA license.

If a user already has a hardware or software token assigned to them, enabling them for RBA/ODA increases the RBA/ODA license.

IMPORTANT LICENSING NOTES
An RSA Authentication Manager 8.1 license can be used to deploy Authentication Manager 8.1, Authentication Manager 8.2, Authentication Manager 8.3, and Authentication Manager 8.4.

An RSA Authentication Manager 8.4 license cannot be used to deploy Authentication Manager 8.1, Authentication Manager 8.2, and Authentication Manager 8.3 software. An RSA Authentication Manager 8.4 license can only be used to deploy Authentication Manager 8.4 or later software.