Configure RSA Authentication Manager as a Secure Proxy Server for the Cloud Authentication Service

You can configure RSA Authentication Manager 8.7 SP1 to act as a secure proxy server for the Cloud Authentication Service. User authentication requests are automatically forwarded to the Cloud Authentication Service, and you can configure high availability, which allows authentication to continue when the Cloud Authentication Service or the connection is unavailable or too slow.

You may need to do additional configuration steps to use these features.


  1. REST protocol authentication agents require credentials to securely access Authentication Manager. See Configure the SecurID Authentication API for Authentication Agents.
  2. Connect Authentication Manager to the Cloud Authentication Service.

    For instructions, see the following:

    Note: To use High Availability Tokencode with this feature, you must connect again after upgrading from version 8.4 Patch 4 or later.

  3. In the Cloud Administration Console, create an access policy for the authentication agents that are connected to the Cloud Authentication Service, or plan to use an existing access policy. For instructions, see Planning Resource Protection with Access Policies and Access Policies.
  4. Configure your authentication agents to use Authentication Manager to direct authentication requests to the Cloud Authentication Service. For instructions, see your agent documentation.

After you finish

  • When RSA Authentication Manager cannot communicate with the Cloud Authentication Service, users can access SecurID protected resources with SecurID authentication and Authenticate Tokencode. Authentication Manager always validates SecurID authentication. Authentication Manager must download High Availability Tokencode records to prompt users for Authenticate Tokencode. See Configure High Availability Tokencodes.
  • Some newer authentication agents can automatically download offline emergency access codes for users who access the authentication agent. Users can continue to authenticate if the connection to Authentication Manager or the Cloud Authentication Service is not available. For more information, see Emergency Tokencode.
  • Authentication Manager automatically downloads offline data day files that some newer authentication agents can use for uninterrupted authentication to the Cloud Authentication Service. For instructions, see your authentication agent documentation.