Add an Authentication Agent

Before an authentication agent can communicate with RSA Authentication Manager, you must add the agent to the internal database. This process is called registering the agent. The agent record identifies the agent to Authentication Manager.

Deployments that use risk-based authentication (RBA) require additional configuration. For more information, see Risk-Based Authentication.

For instructions on how to deploy an authentication agents that uses the REST protocol require, see Deploying an Authentication Agent That Uses the REST Protocol.


  1. In the Security Console, click Access > Authentication Agents > Add New.

  2. From the Security Domain drop-down menu, select the security domain to which you want to add the new agent.

  3. Under Authentication Agent Basics, do the following:

    1. For Hostname, enter a new hostname for the agent host, and then click Resolve IP.

      The IP address is automatically entered. If you enter a new name, the name must be unique.

      Note: For IPv4/IPv6 agents, the hostname can be any agent descriptor and does not necessarily need to be a fully qualified host name. IP address resolution is not supported for IPv4/IPv6 agents.

    2. (Optional) In the IP Address field, enter the IP address of the agent.

      If you use an existing server name, this field is automatically populated and read-only. If no address is specified, UDP agents will use auto-registration to provide the address to the server.

      Note: Do not enter IP addresses in the IPv6 format. IPv4/IPv6 agents will use the hostname to provide the address to the server.

    3. (Optional) In the Alternate IP Addresses field, enter alternate IP addresses for the agent.

      You enter alternate IP addresses if the agent has more than one network interface card, or is located behind a static network address translation (NAT) firewall.

      If you use an existing server name, this field is automatically populated and read-only.

  4. (Optional) Under Authentication Agent Attributes, you can select the following options:

    • To specify the type of agent, select the type from the Agent Type list.

      If the agent is a web agent, select Web Agent, otherwise keep the default selection Standard Agent. The populated agent types are labels, there is no functional difference by choosing Web Agent or Standard Agent.

    • To disable the agent, select Agent is disabled.

      You might select this option to stop access to a resource temporarily.

    • To add a restricted agent, select Allow access only to members of user groups who are granted access to this agent.

      Only users who are members of user groups that have permission to access a restricted agent can use this agent to authenticate. Any user can use an unrestricted agent to authenticate.

    • To assign a manual or automatic contact list to the new agent, use the Authentication Manager Contact List buttons.

  5. (Optional) If your deployment includes an SecurID trusted realm or Authentication Manager trusted realms, select the Enable Trusted Realm Authentication field when you add the agent. Do not select this field if you do not use trusted realms, for example, if you configured Authentication Manager to handle Authenticate Tokencodes in the Operations Console.

    To configure how users from an Authentication Manager trusted realm authenticate to this agent, select whether you want to allow all trusted users to authenticate through the new agent or only those trusted users who belong to a trusted user group that has been granted explicit permission to use the agent.

  6. (Optional) To allow users to authenticate to this agent using RBA, do the following.

    • Select Enable this agent for risk-based authentication.

    • If you want to restrict RBA access on this server agent, select Allow access only to users who are enabled for risk-based authentication.

    • Select an authentication method for RBA users.

  7. Choose one of the following options to save the settings for this agent.

    • If you enabled this agent for RBA, click Save Agent and Go to Download Page.

      The system saves the settings and displays the Integration Script page, where you select and download the integration script for this agent.

    • If you did not enable this agent for RBA, click Save.

    Note: If the hostname is not a fully qualified host name or the IP address is not specified, a Confirmation Required dialog, summarizing the hostname and the IP address is displayed. Here, you can either edit the agent details or save the agent information.

After you finish

IPv4/IPv6 agents require an additional procedure to register the agent. For instructions, see Configure an IPv4/IPv6 Agent.

Configure Agent Settings

Generate an Integration Script for a Web-Based Application

Related Concepts

RSA Authentication Agents