SecurID® Integrations
Certified: October 31st, 2019
Solution Summary
Use Case
When integrated Amazon AWS end users must authenticate with RSA SecurID Access to sign in. Amazon AWS can integrate using SAML SSO Agent. RSA SecurID Access also supports passing additional attributes as Session Tags to Amazon AWS during sign in as part of the SAML assertion. Amazon AWS does not support JIT (just in time) user provisioning.
Integration Types
SSO Agent integrations use SAML 2.0 technology to direct users’ web browsers to RSA SecurID Access for authentication. SSO Agents also provide Single Sign-On to other applications using the RSA Application Portal.
Supported Features
This section shows all of the supported features by integration type and by RSA SecurID Access component. Use this information to determine which integration type and which RSA SecurID Access component your deployment will use. The next section in this guide contains the instruction steps for how to integrate RSA SecurID Access with Amazon AWS using each integration type.
Amazon AWS integration with RSA Cloud Authentication Service
| Authentication Methods |
Authentication API |
RADIUS |
Relying Party |
SSO Agent - SAML |
|---|---|---|---|---|
| RSA SecurID | - | - | - |  |
| LDAP Password | - | - | - | |
| Authenticate Approve | - | - | - | |
| Authenticate Tokencode | - | - | - | |
| Device Biometrics | - | - | - | |
| SMS Tokencode | - | - | - | |
| Voice Tokencode | - | - | - | |
| FIDO Token | n/a | n/a | - | |
Amazon AWS integration with RSA Authentication Manager
| Authentication Methods |
Authentication API |
RADIUS | Authentication Agent |
|---|---|---|---|
| RSA SecurID | - | - | - |
| On Demand Authentication | - | - | - |
| Risk-Based Authentication | n/a | - | - |
|
Supported |
| - | Not supported |
| n/t | Not yet tested or documented, but may be possible. |
| n/a | Not applicable |
Configuration Summary
This section contains links to the sections that contain instruction steps that show how to integrate Amazon AWS with RSA SecurID Access using all of the integration types.
This document is not intended to suggest optimum installations or configurations. It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products in order to install the required components. All RSA SecurID Access and Amazon AWS components must be installed and working prior to the integration.
Links
SSO Agent - SAML (Using Session Tags for AWS)
Known Issues
No known issues
Certification Details
Date of testing: October 14th, 2019
RSA Cloud Authentication Service
Amazon AWS
