Certified: June 05, 2026
Solution Summary
This guide describes integrating PingFederate with RSA using SAML, OIDC, and REST API. Use this information to determine which use case and integration type your deployment will employ.
Use Case
PingFederate can be integrated with RSA using SAML, OIDC, and REST API. When integrated, users must authenticate with RSA to sign in to PingFederate.
Integration Types
My Page SSO provides Single-Sign-On (SSO) to PingFederate users, leveraging RSA self-service portal My Page. Both SP-initiated SSO and IdP-initiated SSO are supported.
Modern Cloud-hosted SSO with My Page replaces the existing SAML SSO support with the IDR.
Relying Party integration allows PingFederate users’ web browsers to be automatically redirected to CAS for authentication. With Relying Party integration, Cloud Access Service (CAS) can manage either additional authentication only or both primary authentication (for example, user ID and password) and additional authentication, depending on the service provider's capability.
RSA MFA API (REST) integrations can provide a rich user interface with all RSA ID Plus features within the partner application. Refer to the Supported Features section in this article to see which features this partner application has implemented.
PingFederate can be integrated with RSA Authentication Manager (AM) using REST API. When integrated, users must authenticate with RSA to sign in to PingFederate.
PingFederate can be integrated with AM and Cloud Access Service (CAS) in a hybrid deployment using REST API. When integrated, users can use the authentication methods available in CAS for MFA.
Supported Features
This section shows all the supported features by integration type and by RSA components. Use this information to determine which integration type and RSA component your deployment will use. The next section in this guide contains the instruction steps for how to integrate RSA with PingFederate using each integration type.
PingFederate Integration with CAS
| Authentication Methods | RSA MFA API (REST) | RADIUS | Relying Party | My Page SSO |
| Approve | Unsupported | Not tested | Supported | Supported |
| LDAP Password | Unsupported | Not tested | Supported | Supported |
| SecurID OTP | Unsupported | Not tested | Supported | Supported |
| Authenticate OTP | Unsupported | Not tested | Supported | Supported |
| Device Biometrics | Unsupported | Not tested | Supported | Supported |
| SMS OTP | Unsupported | Not tested | Supported | Supported |
| Voice OTP | Unsupported | Not tested | Supported | Supported |
| FIDO Security Key | Unsupported | Not tested | Supported | Supported |
| QR Code | Unsupported | Not tested | Supported | Supported |
| Emergency Access Code | Unsupported | Not tested | Supported | Supported |
PingFederate Integration with RSA Authentication Manager (AM)
| Authentication Methods | RSA MFA API (REST) | RADIUS | Authentication Agent |
|---|---|---|---|
| RSA SecurID | Supported | Not tested | Unsupported |
| On Demand Authentication | Supported | Not tested | Unsupported |
| Risk-Based Authentication | Unsupported | Not tested | Unsupported |
PingFederate Integration with AM and CAS (Hybrid)
| Authentication Methods | RSA MFA API (REST) |
| Approve | Supported |
| LDAP Password | Supported |
| SecurID OTP | Supported |
| Authenticate OTP | Supported |
| Device Biometrics | Supported |
| SMS OTP | Supported |
| Voice OTP | Supported |
| FIDO Security Key | Supported |
| QR Code | Supported |
| Emergency Access Code | Supported |
Configuration Summary
This section contains instruction steps that show how to integrate PingFederate with RSA using all of the integration types.
This document is not intended to suggest optimum installations or configurations. It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products to install the required components.
All RSA and PingFederate components must be installed and working prior to the integration.
This section of the guide includes links to the appropriate sections for configuring both sides for each use case.
Integration Configuration
CAS
SAML
- PingFederate - My Page SSO Configuration Using SAML- RSA Ready Implementation Guide
- PingFederate - Relying Party Configuration Using SAML - RSA Ready Implementation Guide
OIDC
- PingFederate - My Page SSO Configuration Using OIDC - RSA Ready Implementation Guide
- PingFederate - Relying Party Configuration Using OIDC - RSA Ready Implementation Guide
AM
REST API
RSA Terminology Changes
The following table describes the differences in the terminologies used in the different versions of RSA products and components.
| Previous Version | New Version | Examples/Comments |
| Cloud Authentication Service | Cloud Access Service | |
| Token | OTP Credential | SecurID OTP Credential |
| Authenticator | Hardware Authenticator | |
| Tokencode | OTP | SecurID OTP, SMS OTP, Voice OTP |
| Access Code | Emergency Access Code | |
| SecurID Authenticate app | RSA Authenticator app | RSA Authenticator app for iOS and Android, RSA Authenticator app for Windows |
| Device | Authenticator | Register an authenticator |
| Company ID | Organization ID | |
| Account | Credential | |
| Device Serial Number | Binding ID |
Certification Details
CAS
AM 8.9
Ping Identity PingFederate 13.0.2.0
Known Issues
No known issues
Related Articles
Repair an RSA Trusted Realm 2Number of Views RSA SDK 4.1 for iOS Developer's Guide and Release Notes 16Number of Views 'Version Upgrades' Tab Is Missing 18Number of Views Does CRL gets updated when certificates are deleted from KCA database? 9Number of Views RSA announces the release of the RSA SecurID Software Token and SDK 2.3 for iOS 3Number of Views
Trending Articles
RSA Release Notes for RSA Authentication Manager 8.8 RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager Upgrade Process Authentication Manager Security Console and Operations Console Inaccessible After Certificate Update RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide