RSA Authentication Manager License Support

RSA Authentication Manager is provided with the RSA SecurID Access Base Edition, Enterprise Edition, and Premium Edition. For more information about what is included in each license, see “RSA SecurID Access Editions” at

Authentication Manager has the following requirements:

  • For RSA Authentication Manager 8.0 or later, you cannot use a version 6.1 or version 7.1 license.
  • If version 8.2 Patch 3 is applied or if you have version 8.2 Service Pack 1 (SP1) or later, any version 8.0 or later license can be used.
  • If you have version 8.2 Patch 2 or earlier, you cannot use a later license. Instead, you must apply a version 8.2 license, a version 8.1 license, a version 8.0 license, or any combination of these licenses.

Authentication Manager supports stackable licenses that allow you to add users and authenticators to your existing license. In Authentication Manager, authenticators include hardware tokens, software tokens, and the RSA SecurID Authenticate app. When Authentication Manager users successfully authenticate with the Authenticate Tokencode, Approve authentication, or Device Biometrics authentication, their user records are assigned the Authenticate app as a token. The Authenticate app does not affect the license count for users who already have an assigned authenticator in Authentication Manager. The Authenticate app increases the license count by one for users who do not have an assigned authenticator in Authentication Manager.

Authentication Manager deployments can support additional authentication methods through the Cloud Authentication Service. The RSA SecurID Access Base Edition, Enterprise Edition, and Premium Edition include support for both Authentication Manager and the Cloud Authentication Service.

Each edition includes the following Authentication Manager features:

  • A specific number of tokens (authenticators).
  • Self-Service
  • Authenticator workflow provisioning
  • Offline authentication
  • Embedded identity router

An edition can include the following optional Authentication Manager features:

  • On-demand authentication (ODA)
  • Risk-based authentication (RBA)

The Premium Edition includes risk-based identity confidence. This feature allows the Cloud Authentication Service to establish high or low confidence in a user's identity based on data it collects when users attempt to authenticate over a period of time

It is important to know:

  • You can install multiple licenses.
  • The Account ID must be the same for all licenses.
  • The License ID (or Stack ID), must be unique for each license. You cannot install the same license twice.
  • Users only count against the license limit if they have one or more assigned authenticators. Users without authenticators do not count against the limit.
  • Each assigned authenticator used to access agent-protected resources counts against the license limit. For example, a user who authenticates with a hardware token and the Authenticate app is considered to have two authenticators for licensing purposes.
  • If High Availability Tokencode is configured, token records are created for each RSA SecurID Access user who registered the Authenticate app with the Cloud Authentication Service. However, no additional licenses are consumed.
  • The Security Console displays warning messages when you exceed 85, 95, and 100 percent of the user limit.
  • The system updates the user counts every hour and each time that a administrator views the license status in the Security Console.

RSA provides the license files separately from your RSA Authentication Manager download kit. Make sure that you know the location of the license file before running the primary appliance Quick Setup. The license file must be accessible to the browser that is used to run the primary appliance Quick Setup. Do not unzip the license file.