How to configure RSA SecurID Access with automatic IWA to handle non-Windows devices
Originally Published: 2017-10-09
Article Number
Applies To
Issue
Non-Windows client devices (iOS for example) cannot be integrated with IWA and may "hang" preventing authentication to the SID Access portal.
A network trace with Fiddler or Charles will show that the IWA server generated a 401 Unauthorized response to the client device.
Resolution
The IWA/IIS server's 401 error page can be configured to perform a 302-redirect back to the IDR portal login page. See Create a Custom HTTP Error Response regarding "Respond with a 302 redirect". The SID Access portal URL should be provided as the 302 redirect address.
When this redirect occurs for the first time, the user will be given the opportunity to log into the portal interactively, but the relay-state (of the originally requested protected resource) will be lost. That is, deep-linking will not work, and the user will land at the application's configured landing page.
The loss of deep-linking should only happen on first authentication however. As long as cookies are not cleared deep-linking should work on subsequent access attempts.
Related Articles
RSA Authentication Agent 1.0.1 for Citrix Storefront Release Notes Number of Views Disaster Recovery Situations Number of Views Release Notes Archive - Cloud Access Service and Authenticators Number of Views RSA Announces the Release of RSA Authenticator 4.5.3 for iOS and Android Number of Views Enable SecurID Token Users to Access Resources Protected by Cloud Access Service Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) How to install the jTDS JDBC driver on WildFly for use with Data Collections in RSA Identity Governance & Lifecycle RSA Authentication Manager 8.8 Setup and Configuration Guide Artifacts to gather in RSA Identity Governance & Lifecycle
Don't see what you're looking for?
