RSA SecurID Authentication Process
The RSA SecurID authentication process involves the interaction of three distinct products:
RSA SecurID authenticators, also known as tokens, which generate one-time authentication credentials for a user.
RSA Authentication Agents, which are installed on client devices and send authentication requests to the AM.
RSA Authentication Manager, which processes the authentication requests and allows or denies access based on the validity of the authentication credentials sent from the authentication agent.
To authenticate a user with SecurID, AM needs, at a minimum, the following information:
| Element | Information |
|---|---|
| User record | Contains a User ID and other personal information about the user (for example, first name, last name, group associations, if any). The user record can come from either an LDAP directory server or the AM internal database. |
| Agent record | Lists the name of the machine where the agent is installed. This record in the internal database identifies the agent to AM and enables AM to respond to authentication requests from the agent. |
| Token record | Enables AM to generate the same tokencode that appears on a user’s RSA SecurID token. |
| SecurID PIN | Used with the tokencode to form the passcode. |
The Role of RSA Authentication Manager in SecurID Authentication
RSA Authentication Manager software, authentication agents, and RSA SecurID tokens work together to authenticate user identity. RSA SecurID patented time synchronization ensures that the tokencode displayed by a user’s token is the same code that the RSA Authentication Manager software has generated for that moment. Both the token and the AM generate the tokencode based on the following:
The token’s unique identifier (also called a “seed”).
The current time according to the token’s internal clock, and the time set for the AM system.
To determine whether an authentication attempt is valid, the RSA Authentication Manager compares the tokencode it generates with the tokencode the user enters. If the tokencodes do not match or if the wrong PIN is entered, the user is denied access.
RSA SecurID Authentication Examples
Authentication Manager software is scalable and can authenticate large numbers of users. It is interoperable with network, remote access, wireless, VPN, Internet, and application products. The following table describes key examples.
Product or Application | Description |
VPN Access | RSA SecurID provides secure authentication when used in combination with a VPN. |
Remote dial-in | RSA SecurID operates with remote dial-in servers, such as RADIUS. |
Web access | RSA SecurID protects access to web pages. |
Wireless Networking | Authentication Manager includes an 802.1- compliant RADIUS server. |
Secure access to Microsoft Windows | Authentication Manager can be used to control access to Microsoft Windows environments both online and offline. |
Network hardware devices | Authentication Manager can be used to control desktop access to devices enabled for SecurID, such as routers, firewalls, and switches. |
Related Articles
The logging server process terminates when user logs out Number of Views What is the process for FSM to rotate key? Number of Views Does PGP disk encryption work with RAU? Number of Views RSA Announces Operational Enhancements to RSA SecurID Manufacturing and Shipping Processes Number of Views How RSA Authentication Manager Protects Your Resources Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
