There is a requirement to limit access to the RSA SecurID Access portal for some or all users, and only allow applications to be accessed through each application-specific URL.
You can limit login to the Portal by IP address or other criteria, similar to what can be done per application. For example, you could limit access such that only your company's private IP addresses are allowed to login. For more information see Portal Multifactor Authentication Policy . You can set IP restrictions in Access policy . A login attempt by a user who is denied by policy results in the message "Access Denied. Contact your administrator" on the login page, and the login is not allowed.
Alternatively, you can allow a Portal login but limit which applications are displayed in the Portal. Refer to Application Availability and Visibility. If there are no applications that are displayed in the Portal, or if a user is denied access to all applications, then a login to the Portal is allowed, but no applications are shown. Instead the message "You are not permitted to access any applications. Contact your administrator." is displayed.
To block access to the portal login page entirely would need to be done on your company's network outside of SecurID Access using a URL filtering device such as a Web Application Firewall. Bear in mind that redirect URLs used during single sign-on (SSO) include the Portal domain name, so access to the Portal domain name cannot be blocked entirely - certain URL patterns will need to be allowed.
There is no RSA SecurID Access configuration option to disable the Portal entirely. The URL for it is always available.
The Portal does not display allapplications to all users. Only those to which the signed in user has access, optionally with some step-up authentication, are displayed. Note that, having the ability to login to the Portal will not allow a user to access an application for which they do not have an entitlement.
In addition to displaying applications the user has rights to login to, the Portal also: