PingFederate - RSA Ready Implementation Guide
14 days ago

Certified: June 05, 2026


Solution Summary

This guide describes integrating PingFederate with RSA using SAML, OIDC, and REST API. Use this information to determine which use case and integration type your deployment will employ.

      

Use Case

PingFederate can be integrated with RSA using SAML, OIDC, and REST API. When integrated, users must authenticate with RSA to sign in to PingFederate. 
    

Integration Types

My Page SSO provides Single-Sign-On (SSO) to PingFederate users, leveraging RSA self-service portal My Page. Both SP-initiated SSO and IdP-initiated SSO are supported.
Modern Cloud-hosted SSO with My Page replaces the existing SAML SSO support with the IDR. 
    
Relying Party integration allows PingFederate users’ web browsers to be automatically redirected to CAS for authentication. With Relying Party integration, Cloud Access Service (CAS) can manage either additional authentication only or both primary authentication (for example, user ID and password) and additional authentication, depending on the service provider's capability.

     

RSA MFA API (REST) integrations can provide a rich user interface with all RSA ID Plus features within the partner application. Refer to the Supported Features section in this article to see which features this partner application has implemented. 

PingFederate can be integrated with RSA Authentication Manager (AM) using REST API. When integrated, users must authenticate with RSA to sign in to PingFederate.

PingFederate can be integrated with AM and Cloud Access Service (CAS) in a hybrid deployment using REST API. When integrated, users can use the authentication methods available in CAS for MFA.
 

Supported Features

This section shows all the supported features by integration type and by RSA components. Use this information to determine which integration type and RSA component your deployment will use. The next section in this guide contains the instruction steps for how to integrate RSA with PingFederate using each integration type.

       

PingFederate Integration with CAS

Authentication MethodsRSA MFA API (REST)RADIUSRelying PartyMy Page SSO
ApproveUnsupportedNot testedSupportedSupported
LDAP PasswordUnsupportedNot testedSupportedSupported
SecurID OTPUnsupportedNot testedSupportedSupported
Authenticate OTPUnsupportedNot testedSupportedSupported
Device BiometricsUnsupportedNot testedSupportedSupported
SMS OTPUnsupportedNot testedSupportedSupported
Voice OTPUnsupportedNot testedSupportedSupported
FIDO Security KeyUnsupportedNot testedSupportedSupported
QR CodeUnsupportedNot testedSupportedSupported
Emergency Access CodeUnsupportedNot testedSupportedSupported

        

PingFederate Integration with RSA Authentication Manager (AM)

Authentication MethodsRSA MFA API (REST)RADIUSAuthentication Agent
RSA SecurIDSupportedNot testedUnsupported
On Demand AuthenticationSupportedNot testedUnsupported
Risk-Based AuthenticationUnsupportedNot testedUnsupported

  

PingFederate Integration with AM and CAS (Hybrid)

Authentication MethodsRSA MFA API (REST)
ApproveSupported
LDAP PasswordSupported
SecurID OTPSupported
Authenticate OTPSupported
Device BiometricsSupported
SMS OTPSupported
Voice OTPSupported
FIDO Security KeySupported
QR CodeSupported
Emergency Access CodeSupported

    

Configuration Summary

This section contains instruction steps that show how to integrate PingFederate with RSA using all of the integration types.
This document is not intended to suggest optimum installations or configurations. It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products to install the required components.
All RSA and PingFederate components must be installed and working prior to the integration.
This section of the guide includes links to the appropriate sections for configuring both sides for each use case.
    

Integration Configuration

CAS

SAML

OIDC 

  

AM

REST API

      

RSA Terminology Changes

The following table describes the differences in the terminologies used in the different versions of RSA products and components. 

Previous VersionNew VersionExamples/Comments
Cloud Authentication ServiceCloud Access Service
Token

OTP CredentialSecurID OTP Credential
AuthenticatorHardware Authenticator
Tokencode

OTPSecurID OTP, SMS OTP, Voice OTP
Access CodeEmergency Access Code
SecurID Authenticate appRSA Authenticator appRSA Authenticator app for iOS and Android, RSA Authenticator app for Windows
DeviceAuthenticatorRegister an authenticator
Company IDOrganization ID 
AccountCredential 
Device Serial NumberBinding ID 

         

Certification Details

CAS

AM 8.9
Ping Identity PingFederate 13.0.2.0

    

Known Issues

No known issues