SecurID License Support

Use of RSA Authentication Manager is licensed and depends on the RSA licensing packages used. For more information, refer to your detailed commercial agreement with RSA.

License Requirements

Authentication Manager has the following license requirements:

  • For RSA Authentication Manager 8.0 or later, you cannot use a version 6.1 or version 7.1 license.
  • If version 8.2 Patch 3 is applied or if you have version 8.2 Service Pack 1 (SP1) or later, any version 8.0 or later license can be used.
  • If you have version 8.2 Patch 2 or earlier, you cannot use a later license. Instead, you must apply a version 8.2 license, a version 8.1 license, a version 8.0 license, or any combination of these licenses.

Counting Users Against the License Limit

You can add users to your existing license. Each user counts one time for licensing purposes, regardless of how many authenticators are assigned in Authentication Manager:

  • In Authentication Manager, users who are assigned one or more authenticators count against the license limit. Users without authenticators do not count against the limit. Authenticators include hardware tokens, software tokens, on-demand authentication (ODA), risk-based authentication (RBA), or a fixed passcode.

  • Users who are assigned authenticators that are managed in the Cloud Authentication Service do not count against the Authentication Manager license. Authenticators include the SecurID Authenticator app, hardware tokens that are managed in the Cloud Authentication Service, and Emergency Tokencode.

  • The Authentication Manager license count does not increase when users authenticate to the Cloud Authentication Service with the High Availability Tokencode feature or through Authentication Manager configured as a secure proxy server.

Users continue to increase the license count when they exist in an identity source, even if all of their authenticators are unassigned in Authentication Manager. Deleting these users updates the license.

If a user only has a fixed passcode, unassigning the passcode releases the license. Allowing the fixed passcode to expire does not release the license.

The upgrade from AM 8.7 to AM 8.7 releases the licenses for any users with Cloud-only authenticators. Transferring the ownership of hardware tokens to the Cloud Authentication Service releases the licenses.

Authenticate Tokencode Users in Authentication Manager

When Authentication Manager users successfully authenticate with the Authenticate Tokencode, Approve authentication, or Device Biometrics authentication, their user records are assigned the Authenticate app as a token. The Authenticate app does not affect the license count for users who already have an assigned authenticator in Authentication Manager. The Authenticate app increases the license count by one for users who do not have an assigned authenticator in Authentication Manager.

Supported Authentication Methods

Authentication Manager deployments can support additional authentication methods through the Cloud Authentication Service. The SecurID Cloud Plus and Cloud Premier licenses include support for both Authentication Manager and the Cloud Authentication Service.

A license can enable the following optional Authentication Manager features for a specific number of users:

  • On-demand authentication (ODA)
  • Risk-based authentication (RBA)

It is important to know:

  • You can install multiple licenses.
  • The Account ID must be the same for all licenses.
  • The License ID (or Stack ID), must be unique for each license. You cannot install the same license twice.
  • The Security Console displays warning messages when you exceed 85, 95, and 100 percent of the user limit.
  • The system updates the user counts every hour and each time that a administrator views the license status in the Security Console.

RSA provides the license files separately from your RSA Authentication Manager download kit. Make sure that you know the location of the license file before running the primary appliance Quick Setup. The license file must be accessible to the browser that is used to run the primary appliance Quick Setup. Do not unzip the license file.