ID Plus Licenses

RSA offers three ID Plus subscription license plans: E1, E2 and E3. For more information, see the ID Plus page on

SecurID Cloud Plans and SecurID Editions are still supported. For more information, see SecurID Cloud Plans and SecurID Editions.

The high-level details are described below:

Authentication Components

The following table shows the authentication software available with each license.

ID Plus E1 ID Plus E2 ID Plus E3
RSA Cloud Service Included Included Included

RSA Authentication Manager Server Enterprise License:

1 Primary Instance and up to 15 Replica Instances

Included Included
Authentication Manager server with Authentication Manager Bulk Administration (AMBA) Included Included

SecurID® Federal

RSA offers a FedRAMP-authorized version of the ID Plus E2 and ID Plus E3 licenses. SecurID® Federal includes a separate cloud instance reserved for United States Federal Government customers and other authorized agencies.

SecurID® Federal does not support authentication with SMS Tokencode or Voice Tokencode.

Authentication Integrations

The following table shows the authentication integrations available with each license.

RSA Ready



Authentication API
SAML Authentication Web Proxy
(Trusted Headers)
Web Proxy (NTLM, Password Vaulting)
ID Plus E3 Included Included Included Included Included Included Included
ID Plus E2 Included Included Included Included Included Optional
ID Plus E1 SAML-based only Included

Integrations with cloud-based and on-premises directories, including Active Directory, Azure AD, LDAPv3.

Authentication Methods

The ID Plus E1, E2 and E3 licenses include the following authentication methods:

  • Approve (Push) notification through the SecurID App and wearable devices

  • One-Time Passcode (OTP) delivered on-demand through the SecurID App

  • Integrated SMS Tokencode and Voice Tokencode available as an add-on

  • Passwordless authentication through FIDO2 and Device Biometrics, such as Apple FaceID, Android biometrics and Windows Hello

  • Secure One-Time Passcodes using RSA hardware and software tokens

  • Emergency Tokencode

  • (ID Plus E2 and ID Plus E3 only) Customized authentication through the Mobile SDK

ID Plus E2 and E3 include an on-premises and cloud authentication components. The on-premises component of the RSA cloud services provides failover and ensures high availability, including offline authentication. This deployment is included in the ID Plus E2 and ID Plus E3 license.

Hardware tokens are sold separately.

Access Policy Attributes

The cloud service included with ID Plus allows you to use specific attributes in access policy conditional expressions. These expressions are used to determine authentication requirements and who is allowed or denied access to resources. The following table shows which attributes are available with each license.

Access Policy Attributes ID Plus E1 ID Plus E2 ID Plus E3
Identity source attributes (used in rule sets to select target population for policy) x x x
IP address (conditional attribute) x x x

Additional conditional attributes:

  • Authentication Type

  • Authentication Source

  • Country

  • Known Browser

  • Trusted Location

  • Trusted Network

  • User Agent (Device)

x x

Additional conditional attributes:

  • High-Risk User List

  • Identity Confidence


RSA® Risk AI: Leveraging machine learning, anomaly detection and real-time risk scoring to ensure identity confidence to minimize interrupting end users

Optional x
Mobile Lock Optional Optional

Note: If your deployment is downgraded from ID Plus E3 to ID Plus E2, you must examine your access policies and edit them if necessary to ensure that they comply with the ID Plus E2 license. Policies that are not up-to-date can result in authentication failures.