Differences to be aware of when configuring RSA SecurID Access Cloud IdP vs IDR IdP
Originally Published: 2018-11-07
Article Number
Applies To
Issue
The SecurID Access Cloud Authentication Service offers two ways to configure an Identity Provider (IdP) for SAML applications:
- Configure the IDR IdP as described in Add a SAML Application.
- Configure the Cloud IdP as described in Add a Relying Party.
The cloud IdP configuration process is simpler (fewer options) while the IDR IdP is more configurable. Configuration differences may not be readily apparent.
Resolution
| Cloud IdP | IDR IdP |
|---|---|
| Creates its own signing certificate | Admin generates and uploads signing certificate |
| Assertion signatures use the SHA-256 hashing algorithm | Assertion signatures use the SHA-1 hashing algorithm by default. Other algorithms including SHA-256 can be configured. |
| Assertion signing is performed on the“Assertion within response” | Assertion signing defaults to “Entire SAML response” but can be configured to be “Assertion within response” |
| The User Identity NameID type is auto-detected | You must specify the User Identity NameID type |
| Extended Attributes are automatically hunted for in all Identity Sources by default | Extended Attributes must be configured with the specific Identity Source where they can be found |
| IdP URL is found only in the IdP metadata file | IdP URL is auto populated in the configuration page |
| 3rd party Service Provider must support SP-initiated SAML | Supports IdP-initiated or SP-initiated SAML |
| Identity Source User Attributes page must have "Synchronize the selected policy attributes with the Cloud Authentication Service" checked. | This checkbox is not applicable |
Notes
The cloud IdP provides primary and/or additional multi-factor authentication for SaaS applications but does not provide single sign-on.
Related Articles
Unable to access public folders through OWA when protected by RSA Authentication Agent 7.1.3 for Web for IIS using Google … Number of Views "CheckAccess" webservice API call not working correctly for accounts Number of Views Access denied insufficient privileges error when clicking on entitlement Information icon in RSA Identity Governance and L… Number of Views SecurID Internal Database Password Algorithm Number of Views Customer getting collected on every login to FI website Number of Views
Trending Articles
RSA Authentication Manager 8.9 Release Notes (January 2026) RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA-2026-07: RSA Authentication Manager Security Update for Third-Party Component Vulnerabilities Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide
Don't see what you're looking for?
