RSA Cloud Plan Licenses

RSA offers three licenses: Cloud, Cloud Plus, and Cloud Premier.

SecurID Editions are still supported. For more information, visit SecurID Editions.

For information about ID Plus plans, see ID Plus Licenses.

The high-level details are described below:

Authentication Components

The following table shows the authentication software available with each license.

Cloud Cloud Plus Cloud Premier
Cloud Authentication Service Included Included Included

SecurID Authentication Manager Server Enterprise License:

1 Primary Instance and up to 15 Replica Instances

Included Included
Authentication Manager server with Authentication Manager Bulk Administration (AMBA) Included Included

Note: RSA continues to support existing Authentication Manager Server Base and Enterprise licenses.

SecurID® Federal

RSA offers a FedRAMP-authorized version of the Cloud Plus and the Cloud Premier licenses. SecurID® Federal includes a separate cloud instance reserved for United States Federal Government customers and other authorized agencies.

SecurID® Federal does not support authentication with SMS Tokencode or Voice Tokencode.

Authentication Integrations

The following table shows the authentication integrations available with each license.

RSA Ready
SecurID Agents
RADIUS Agents SecurID
Authentication API
SAML Authentication Web Proxy
(Trusted Headers, Password Vaulting)
Cloud Premier Included Included Included Included Included Included
Cloud Plus Included Included Included Included Included
Cloud SAML-based only Included

Authentication Methods

The Cloud, Cloud Plus, and Cloud Premier licenses include the following authentication methods:

  • Approve (Push) notification through the SecurID App and wearable devices

  • One-Time Passcode (OTP) delivered on-demand through the SecurID App

  • Integrated SMS Tokencode and Voice Tokencode available as an add-on

  • Passwordless authentication through FIDO2 and Device Biometrics, such as Apple FaceID, Android biometrics and Windows Hello

  • Secure One-Time Passcodes using SecurID hardware and software tokens

  • Emergency Tokencode

  • (Cloud Plus and Cloud Premier only) Customized authentication through the Mobile SDK

Deploying Authentication Manager as the on-premises component of the Cloud Authentication Service provides failover and ensures high availability, including offline authentication. This deployment is an option for the Cloud Plus license and included in the Cloud Premier license.

Hardware tokens are sold separately.

Access Components

The Cloud Authentication Service allows you to use specific attributes in access policy conditional expressions. These expressions are used to determine authentication requirements and who is allowed or denied access to resources. The following table shows which attributes are available with each license.


Cloud Plus

Cloud Premier

My Page Attributes
Customized SSO portal branding x x
Access Policy Attributes
Identity source attributes (used in rule sets to select target population for policy) x x x
IP address (conditional attribute) x x x

Additional conditional attributes:

  • Authentication Type

  • Authentication Source

  • Country

  • Known Browser

  • Trusted Location

  • Trusted Network

  • User Agent

x x

Cloud Premier attributes include all attributes listed above and the following conditional attributes:

  • High-Risk User List

  • Identity Confidence


Note: If your deployment is downgraded from Cloud Premier to Cloud Plus, you must examine your access policies and edit them if necessary to ensure that they comply with the Cloud Plus license. Policies that are not up-to-date can result in authentication failures.