Getting Started with FIDO-Certified Security Keys with RSA SecurID Access
RSA SecurID Access supports using FIDO2-Certified and U2F-compliant security keys as an authentication option. Additionally, RSA has partnered with Yubico to create the Yubikey for RSA SecurID Access. See RSA and Yubico.
RSA SecurID Access supports FIDO2 security keys for both primary (the passwordless user experience) and additional (or step-up) authentication and U2F keys only for additional authentication. FIDO primary authentication is only supported for service providers (SAML applications). See FIDO.
This document guides you through setting up and using security keys with RSA SecurID Access:
If you are using the RSA Security Key Utility to manage the security key PINs, deploy it to your users' computers. See Using RSA Security Key Utility.
Confirm that FIDO is in the desired assurance level:
In the Cloud Administration Console, click Access > Assurance Levels.
Add or move FIDO to the desired assurance level.
Confirm that you have an access policy that uses that assurance level:
Click Access > Policies.
Click Edit for the policy.
In the Rules Sets tab, confirm that FIDO is listed in Authentication Options.
Add a service provider:
Click Authentication Clients > Relying Parties > Add a Relying Party > Add next to Service Provider.
Determine if you want to use FIDO for primary authentication or additional authentication, or both.
If you want to use FIDO for primary authentication, add a service provider and specify FIDO as the primary authentication method. In the Authentication tab, select RSA SecurID Access manages all authentication. In the Primary Authentication Method drop-down list, select FIDO.
If you are using FIDO for additional authentication, in the Access Policy for Additional Authentication, select the policy that contains FIDO.
Enable FIDO authenticator registration in My Page:
Click Platform > My Page.
Under Configuration, select Users can register FIDO authenticators in My Page and select Security key.