Authentication Sources
You can automate the use of configured IDR SSO Agent identity providers (IdPs) for user authentication in the user application portal by adding IDR SSO Agent IdPs as authentication sources. You can also change the order in which the portal uses two or more IdPs to verify whether a user is authenticated. Automation ensures that IdPs are used in the proper order and eliminates manual steps for users when accessing applications, avoiding user errors. To add an authentication source, see Add an Authentication Source.
Note: The Authentication Sources page is available only if the identity router-based portal is enabled.
When IdPs are configured in RSA, but not added as an authentication source, users may access the application portal by authenticating against a configured identity source, or they can manually select their IdP by clicking a link on the portal authentication page.
- If the user is authenticated (for example, in the Windows domain), the portal creates a session without requiring an additional sign-in.
- If the user is not authenticated, the application portal redirects the user to the identity provider authentication screen, creating a session after the user authenticates.
- If IdP access rules are configured for an IdP, users may be allowed or denied access based on their IP address.
You must add and configure IdPs on the Identity Providers page of the Cloud Administration Console to make them available for adding as authentication sources. When you delete a configured IdP from the Identity Providers page in the Cloud Administration Console, it automatically becomes unavailable for use as an authentication source. The following IdPs may be available as authentication sources:
- Portal (default IdP). Uses the identity router default LDAP user name and password authentication.
- RSA IWA Connector. Uses Integrated Windows Authentication (IWA) to determine whether a user is already authenticated in the Windows domain.
- SAML 2 Generic IdP. Uses the Security Assertion Markup Language (SAML) version 2.0 protocol enabling the portal to interact with a SAML-capable IdP.
Typical Authentication Source Configurations
- Only Portal is listed. In this case, all user authentications require the application portal's default LDAP user name and password authentication. Users may also manually choose from other configured IdPs listed on the application portal sign-in page.
- RSA IWA Connector is listed first, followed by Portal. The application portal checks whether the user is already authenticated in the Windows domain.
  - Authenticated users are granted access.
  - Unauthenticated users who are in the allowed domain IP address range defined in the integrated Windows authentication IdP configuration are redirected to a Windows domain sign-in screen.
  - Unauthenticated users who are in the denied domain IP address range defined in the integrated Windows authentication IdP configuration are redirected to the application portal default sign-in page.
- RSA IWA Connector is listed first followed by SAML 2 Generic, followed by Portal. The portal checks each IdP in the order listed, until the user is authenticated or able to sign in.
Note: The Authentication Sources list must contain at least one IdP. If you need to delete the only IdP on the list, you must first add another Authentication Source, such as the default Portal, to take its place.
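The following Python sketch is an added example, not RSA code or an RSA API. It models the "RSA IWA Connector first, then Portal" configuration described above so an administrator can check which sign-in path a client address should reach before changing the list order. The names `IwaRules` and `resolve`, the CIDR ranges, and the handling of addresses that match neither range are assumptions.

```python
import ipaddress
from dataclasses import dataclass

IWA, PORTAL = "RSA IWA Connector", "Portal"

@dataclass
class IwaRules:
    allowed: list  # CIDR ranges redirected to the Windows domain sign-in screen
    denied: list   # CIDR ranges passed on to the next source in the list

def _in_ranges(ip, cidrs):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)

def resolve(sources, client_ip, domain_authenticated, rules):
    """Return (source, outcome) for one sign-in attempt against an ordered list."""
    if not sources:
        raise ValueError("the Authentication Sources list must contain at least one IdP")
    for source in sources:
        if source == IWA:
            if domain_authenticated:
                return IWA, "session created without additional sign-in"
            if _in_ranges(client_ip, rules.denied):
                continue  # denied range: try the next source in the list
            if _in_ranges(client_ip, rules.allowed):
                return IWA, "redirect to Windows domain sign-in"
            continue  # ASSUMPTION: an address in neither range also falls through
        elif source == PORTAL:
            return PORTAL, "portal default sign-in page"
        else:
            raise ValueError(f"source not modelled in this sketch: {source}")
    # Model result only: flags a list that leaves some users with no sign-in path.
    return None, "no listed source can sign this user in"

if __name__ == "__main__":
    # Constructed sample ranges and clients (RFC 5737 documentation addresses).
    rules = IwaRules(allowed=["198.51.100.0/24"], denied=["203.0.113.0/24"])
    probes = [("198.51.100.7", True), ("198.51.100.7", False), ("203.0.113.9", False)]
    for ip, authed in probes:
        print(ip, authed, resolve([IWA, PORTAL], ip, authed, rules))
    # IWA as the only source leaves denied-range users without a fallback.
    print(resolve([IWA], "203.0.113.9", False, rules))
```
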