Add a Security Domain

A security domain defines an area of management responsibility, typically corresponding to a company’s internal business units, departments, and so on. A security domain represents a single unit in an organizational hierarchy. You build the hierarchy by creating relationships between security domains. You can create up to 1,000 security domains.

Before you begin

  • Learn about the custom and default policies available. For more information, see RSA Authentication Manager Policies.
  • Follow these guidelines:

    • To use the default policy, select Always Use Default from the drop-down list. The default policy is automatically applied to the security domain.

    • To use a custom policy, select a policy name from the drop-down list. This policy applies to that security domain until you explicitly change it.

    • When you apply a policy that is also the default policy, that policy remains assigned to the security domain even if you change the default policy. To use the default policy, you must explicitly specify Always Use Default.


  1. In the Security Console, click Administration > Security Domains > Add New.
  2. In the Security Domain Name field, enter a unique name. Do not exceed 100 characters.

  3. From the Parent drop-down list, select the parent security domain of the new security domain. The parent security domain is the security domain in which you want the new security domain to exist.

  4. From the Password Policy drop-down list, select the password policy of the new security domain. Password policies enforce rules such as the required length of passwords, characters, and restricted words.

  5. From the Lockout Policy drop-down list, select the lockout policy that you want to assign to the new security domain. Lockout policies lock out users after a designated number of consecutive unsuccessful logon attempts within a specified time period. Locked out users cannot authenticate.

  6. From the Self-Service Troubleshooting Policy drop-down list, select a policy for the new security domain. This policy controls how users log on to the Self-Service Console if they cannot authenticate using primary methods such as passwords or passcodes.

  7. From the Risk-Based Authentication (RBA) Policy drop-down list, select a policy for the new security domain. RBA policies include the minimum assurance level that is required for logon and the identity confirmation methods that are allowed when an authentication attempt does not meet the minimum assurance level.

  8. From the SecurID Token Policy drop-down list, assign a SecurID token policy to the security domain. Token policies determine SecurID PIN lifetime and format, and fixed passcode lifetime and format. The token policy also determines how to handle users or unauthorized people who enter a series of incorrect passcodes.

  9. From the Offline Authentication Policy drop-down list, select an offline authentication policy for the security domain. Offline authentication policies define how users authenticate when they are not connected to the network.

  10. (Optional) From the Workflow Policies drop-down list, select a workflow policy for the security domain. Workflow policies specify who receives e-mail, workflow definitions, the number of approval and distribution steps, and e-mail notifications for requests made through the Self-Service Console.

  11. From the Risk-Based Authentication (RBA) Message Policy drop-down list, select a policy for the new security domain. This policy defines the message that users receive when they are challenged to configure their identity confirmation method.

  12. Click Save.
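The limits in steps 2 and 3 and the policy-binding guidelines under "Before you begin" can be checked against a planned hierarchy before anything is entered in the Security Console. The following is an added example, not RSA code and not an Authentication Manager API: the `Domain` record, the function names, and the sample domain and policy names are all constructed, and it assumes names are compared exactly. Only the password policy is modeled.

```python
from dataclasses import dataclass
from typing import Optional

ALWAYS_USE_DEFAULT = "Always Use Default"   # drop-down value named on this page
MAX_DOMAINS, MAX_NAME_LEN = 1000, 100       # limits stated on this page

@dataclass
class Domain:                               # hypothetical planning record
    name: str
    parent: Optional[str]                   # None = top of the hierarchy
    password_policy: str = ALWAYS_USE_DEFAULT

def validate_plan(domains):
    """Return problems to fix before entering the plan in the console."""
    problems = []
    if len(domains) > MAX_DOMAINS:
        problems.append(f"{len(domains)} domains exceeds limit {MAX_DOMAINS}")
    seen = set()
    for d in domains:
        if not d.name or len(d.name) > MAX_NAME_LEN:
            problems.append(f"bad name length: {d.name[:20]!r}")
        if d.name in seen:
            problems.append(f"duplicate name: {d.name!r}")
        seen.add(d.name)
    for d in domains:
        if d.parent is not None and d.parent not in seen:
            problems.append(f"{d.name!r}: unknown parent {d.parent!r}")
    return problems

def effective_policy(domain, deployment_default):
    """Policy enforced now: only Always Use Default tracks the default."""
    pinned = domain.password_policy != ALWAYS_USE_DEFAULT
    return domain.password_policy if pinned else deployment_default

def left_behind(domains, old_default, new_default):
    """Domains explicitly assigned the old default; they keep it after a change."""
    return sorted(d.name for d in domains
                  if d.password_policy == old_default != new_default)

# Constructed sample plan; every domain and policy name here is made up.
PLAN = [
    Domain("Corp", None),
    Domain("Finance", "Corp", "Baseline-2019"),   # explicitly selected policy
    Domain("Engineering", "Corp"),                # Always Use Default
    Domain("Finance", "Engneering"),              # duplicate name, typo'd parent
]

if __name__ == "__main__":
    print(validate_plan(PLAN))
    print(left_behind(PLAN, "Baseline-2019", "Strict-2024"))
```

Domains returned by `left_behind` are the ones to review after changing a default policy, because they continue to enforce the previous one until Always Use Default is selected for them.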