Cloud Administration Console Dashboard

The dashboard displays the deployment setup status, publishing status of configuration changes, the validity of domain certificates, component status, number of protected resources, and a graph of identity router activity.

For more information, see:

Deployment Setup and Configuration Status

After you decide which resources you want to protect and select the appropriate setup path, the dashboard guides you through the first-time setup process and displays the required components for those resources. Select one setup path. You can choose to protect:

  • Applications. Web applications using the SSO Agent on the identity route
  • Relying parties. Web applications protected by the Cloud Authentication Service. These can be individual web applications or third-party SSO service.
  • RADIUS clients. Configure authentication for RADIUS clients such as VPNs.

After initial setup, you can return to the dashboard page to configure additional services at any time. In the Protected Resources section, click a resource to view the components you need to configure. See how it works.

Activity Graph

The Activity Graph is for SSO deployments. It shows the number of active user sessions on the identity routers in your deployment over time. Using the drop-down list at the top of the graph, you can customize the graph to display data for one identity router, or the combined total for all identity routers. Use this information to track periods of peak usage and determine off-peak hours during which to plan maintenance.

Publish Status

Use the Publish Status to determine if there are pending configuration changes to be published, or if another administrator recently published changes to the identity routers and the Cloud Authentication Service. This section displays the following:

  • Date and time that configuration changes were last published.
  • Status message indicating whether all configuration settings in the Cloud Administration Console are synchronized (published) to the identity routers and Cloud Authentication Service.


You can monitor the status of the domain certificates in your deployment, and plan for renewal of expiring certificates. This section displays the following:

  • Date each certificate became valid.
  • Expiration date for each certificate.
  • Remaining time until each certificate expires.

System Status - Identity Routers

The dashboard displays the status of all identity routers in your deployment.

Status Color Meaning
Green Registered and Active
Red Registered and Distressed (not connected to the Cloud Authentication Service)
White Disabled or not registered

The dashboard indicates whether identity sources are configured.

Status Color Meaning
Green Successfully configured
Red Not configured

System Status - SMS/Voice Tokencodes

If your deployment has enabled SMS Tokencodes or Voice Tokencodes, the dashboard displays the total number of tokencodes sent for both authentication methods in one calendar month. The total includes tokencodes that users might not have received for various reasons, for example, if the Cloud Authentication Service has an incorrect phone number for the user, or the user did not answer a Voice call. The number is automatically updated every month.

Note: The month is based on Coordinated Universal (UTC) time, which may differ slightly from your local time zone.

Protected Resources

The dashboard indicates how many applications, service providers, and RADIUS clients have been added to the deployment.

Usage Information

The dashboard displays licensing and authenticator usage information:

Field Description

Active Users (Previous Month)

Active Users(Current Month)

A user who either has a registered authenticator or who authenticated successfully counts as an active user. A user with both counts as one active user. The Cloud Authentication Service reports the number of active users for the previous month and for the current month.

The RSA SecurID Authenticate app and supported FIDO authenticators can be registered with the Cloud Authentication Service. RSA SecurID tokens are assigned in RSA Authentication Manager and are not counted as registered authenticators.

A successful authentication is counted any time the Cloud Authentication Service authenticates the user to allow access to a protected resource. This includes the following situations:

  • When the access policy requires or does not require the user to present an authentication credential.

  • When users authenticate through the Cloud Authentication Service to access resources protected by RSA Authentication Manager agents.

Authentication attempts that are denied access are not counted.

Disabled users are not active users. On the first day of the month, the current month count resets to 0 and the previous month count is refreshed.

MFA Licenses Used Users who registered a device with the RSA SecurID Authenticate app installed.
Users with Third-Party FIDO Authenticators Users who registered a third-party FIDO authenticator. See FIDO for a list of supported authenticators.

Note: This count includes users with RSA-branded Yubico security keys.

SMS and Voice Tokencodes Sent (Month) Resets to 0 on the first day of the month.

The information is updated periodically. The Last Updated field shows the time and date when the information was retrieved.