SecurID Editions

SecurID offers three editions: Base Edition, Enterprise Edition, and Premium Edition. For details, see:

Authentication Components

The following table shows the authentication software available with each edition.

Base Edition Enterprise Edition Premium Edition

Authentication Manager Server:

1 Primary Instance, 1 Replica Instance

x x x

Cloud Authentication Service

x x x

Authentication Manager Server:

1 Primary Instance and up to 15 Replica Instances

x x
Authentication Manager server with Authentication Manager Bulk Administration (AMBA) x x

SecurID® Federal

SecurID offers a FedRAMP-authorized version of each SecurID edition. SecurID® Federal includes code changes for FedRAMP compliance.

SecurID® Federal does not support authentication with SMS Tokencode or Voice Tokencode.

Authentication Agents

All SecurID editions support the following authentication agents:

  • Standard agents: IIS/Apache, Windows (RSA Authentication Agent and RSA MFA Agent), PAM, Citrix, ADFS

  • 400+ RSA Ready SecurID agents (VPN, perimeter & on-premises)

  • RADIUS agents with token support

  • SecurID Authentication API - deployed on-premises

  • RADIUS agents with push and biometrics support

  • Cloud SAML authentication

  • Authentication API - cloud deployed

  • SSO Agent for SaaS and web (SAML, proxy, and password vault)

Authentication Methods

All SecurID editions support the following authentication methods:

  • SecurID hardware and software tokens, on-demand authentication (ODA/SMS)

  • Authenticate App: Tokencode, Approve, or Device Biometrics (such as Fingerprint, Face ID, or Windows Hello)

  • Integrated SMS Tokencode and Voice Tokencode

  • Emergency Tokencode

Enterprise or Premium Edition is required to enable third-party FIDO authenticators.

Individual authenticators are sold separately.

Access Policy Attributes

The Cloud Authentication Service allows you to use specific attributes in access policy conditional expressions. These expressions are used to determine authentication requirements and who is allowed or denied access to resources. The following table shows which attributes are available with each edition.

Access Policy Attributes

Base Edition

Enterprise Edition

Premium Edition

Identity source attributes (used in rule sets to select target population for policy) x x x
IP address (conditional attribute) x x x

Additional conditional attributes:

  • Authentication Type

  • Authentication Source

  • Country

  • Known Browser

  • Trusted Location

  • Trusted Network

  • User Agent

x x

Premium Edition attributes include all attributes listed above and the following conditional attributes:

  • High-Risk User List

  • Identity Confidence

x

Note: If your deployment is downgraded from Premium Edition to Enterprise Edition, you must examine your access policies and edit them if necessary to ensure that they comply with the Enterprise Edition license. Policies that are not up-to-date can result in authentication failures.