RSA Via Access is an access and authentication platform with a hybrid on-premise and cloud-based service architecture. RSA Via Access helps secure access to SaaS and on-premise web applications for users, with mobile-optimized authentication methods for multifactor identity assurance. RSA Via Access helps accelerate user productivity with single sign-on (SSO) and enables a company to control how users access these applications with centralized access and authentication policies.
How RSA Via Access Works
RSA Via Access users access protected web applications (both SaaS and on-premise) through the application portal. The application portal displays app icons for the applications available to each user.
Users access the application portal through a browser on a PC desktop, laptop, tablet, or smartphone. After users authenticate to the application portal (either with a username or e-mail address and password or Integrated Windows Authentication) and click application icons to access applications, users might also be prompted for additional (step-up) authentication in the browser or using the RSA Via mobile app. If a company is using mobile authentication methods, users need to install the RSA Via mobile app from the Apple App Store or Google Play.
RSA Via Access supports hundreds of SaaS and on-premise web applications. Administrators can add applications to RSA Via Access from a catalog of pre-configured applications or can add their own SAML and non-SAML applications.
Administrators create access policies to control which applications users can access and how users authenticate to those applications. For example, an administrator might create an access policy that allows only a company's sales team to access an application with sensitive customer information. Access policies are based on user attributes in RSA Via Access. Access policies can specify user groups, roles, and other LDAP directory server user attributes, as well as IP addresses (for example, within a corporate network or not). Access policies also determine if step-up authentication is needed and which assurance level is required.
The on-premise Identity Router® contains the access policies and connects to the LDAP directory server. RSA Via Access checks the LDAP directory server and access policies to determine if users can access applications and if step-up authentication is required. The identity router can also connect to RSA Authentication Manager to enable RSA SecurID as an authentication method.
If step-up authentication is required for an application, the identity router contacts the RSA Via Access hosted service to handle the authentication request.
Benefits
RSA Via Access provides the following key benefits:
- Cost-savings for implementing SSO with out-of-the-box connectivity to popular applications.
- Support of SaaS and on-premise web applications.
- Support of SAML and non-SAML applications.
- Single point of access to protected applications with the application portal.
- Centralized access control policies that consistently enforce different security requirements for applications based on assurance levels.
- LDAP directory server user passwords stay on-premise and are not synchronized to the RSA Via Access hosted service.
- Convenient, mobile step-up authentication that leverages capabilities built into a mobile device through the RSA Via mobile app.
- Integration with RSA Authentication Manager 8.x to extend your RSA SecurID deployment to protect applications.
