Microsoft Active Directory Federation Services - RSA Ready SecurID Access Implementation Guide
Certified: 08/28/2021
Solution Summary
This section describes the ways in which Microsoft Active Directory Federation Services can integrate with RSA SecurID Access. Use this information to determine which use case and integration type your deployment will employ.
Integration Types
SSO Agent integrations use SAML 2.0 or HFED technologies to direct users’ web browsers to Cloud Authentication Service for authentication. SSO Agents also provide Single Sign-On using the RSA Application Portal.
Relying party integrations use SAML 2.0 to direct users’ web browsers to Cloud Authentication Service for authentication. Primary authentication is configurable, so relying party can be a good choice for adding additional authentication (only) to existing deployments.
Supported Features
This section shows all of the supported features by integration type and by RSA SecurID Access component. Use this information to determine which integration type and which RSA SecurID Access component your deployment will use. The next section contains the steps to integrate RSA SecurID Access with Microsoft Active Directory Federation Services for each integration type.
Microsoft Active Directory Federation Services Integration with RSA Cloud Authentication Service
| RSA SecurID |
- |
- |
✔ |
✔ |
| LDAP Password |
- |
- |
✔ |
✔ |
| Authenticate Approve |
- |
- |
✔ |
✔ |
| Authenticate Tokencode |
- |
- |
✔ |
✔ |
| Device Biometrics |
- |
- |
✔ |
✔ |
| SMS Tokencode |
- |
- |
✔ |
✔ |
| Voice Tokencode |
- |
- |
✔ |
✔ |
| FIDO Token |
n/a |
n/a |
✔ |
✔ |
| Identity Assurance |
- |
- |
✔ |
✔ |
Microsoft Active Directory Federation Services Integration with RSA Authentication Manager
| RSA SecurID |
- |
- |
- |
| On-Demand Authentication |
- |
- |
- |
| Risk-Based Authentication |
n/a |
- |
- |
| ✔ |
Supported |
| - |
Not supported |
| n/t |
Not yet tested or documented, but may be possible. |
Configuration Summary
The following links provide instructions on how to integrate Microsoft Active Directory Federation Services with RSA SecurID Access.
This document is not intended to suggest optimum installations or configurations. It assumes the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products in order to install the required components. All RSA SecurID Access and Microsoft Active Directory Federation Services components must be installed and working prior to the integration.
Integration Configuration
Certification Details
Date of testing: 08/28/2021
RSA Cloud Authentication Service
Microsoft Windows Server 2016
Microsoft Active Directory Federation Services management console version 10.0.0.0
Known Issues
On Single Sign-On Settings on Salesforce, URLs entered in Issuer and Identity Provider Login URL fields, should be case sensitive and URL's domain should correctly match that on the Identity Provider Certificate.
