Enable High Availability OTP in Cloud Access Service

When you enable High Availability OTP, RSA Authenticator app users are able to access protected resources with Authenticate OTP even if Cloud Access Service (CAS) is unavailable, because CAS makes Authenticate OTP records available to Authentication Manager (AM) version 8.5 and later. Your CAS deployment must be connected to AM to take advantage of this feature.

Note:  SecurID 700 credential records are always available for AM deployments that support high availability, SecurID 700 credentials, and are connected to the Cloud as described in Connect Authentication Manager to Cloud Access Service, regardless of whether this option is enabled.

Enabling this feature has the following impact when an app user tries to access a resource with Authenticate OTP and AM is unable to contact CAS:

• The user is prompted to enter an Authenticate OTP.

• The OTP is evaluated by AM rather than by CAS.

If you disable this feature, AM no longer downloads records for Authenticate OTP. For more information, see High Availability OTP.

Authentication Manager licensing

Enabling High Availability OTP does not affect license usage in AM. For more information about how AM uses High Availability OTP records, see High Availability OTP.

Before you begin 

You must be a Super Admin for CAS.

Procedure 

1. In the Cloud Administration Console, click Platform > Authentication Manager.

2. In the High Availability OTP field, click Enable.

3. Click Publish Changes to apply the configured settings.