Some enterprise security policies either disallow or require a justification to use a wildcard certificate.
If you are using the RSA SecurID Access Application Portal for SSO and protecting applications using HTTP Federation (HFED) rather than SAML, it is recommended to install a wildcard certificate into your IDRs. It is technically possible to use a non-wildcard certificate in this scenario; however, you would need to instead create a portal certificate that includes a Subject Alternative Name for each HFED protected application.
If you plan to use Authenticate Application tokencodes to authenticate to SecurID protected on-premise applications you also need to install an SSL certificate into your IDRs. However, if you are not making use of the SSO application portal then this certificate need not be a wildcard certificate.
Using the SecurID Access RADIUS feature does not require installing IDR certificates.