SecurID® Integrations

Thycotic Secret Server 10.6- RSA Ready SecurID Access Implementation Guide

Thycotic Software LLC

Secret Server 10.6

Certified: May 13th, 2019


Solution Summary

This section describes the ways that Thycotic Secret Server can integrate with RSA SecurID Access. Use this information to determine the use case and integration type for your deployment.

Use Case

When integrated, Thycotic Secret Server users must authenticate with RSA SecurID Access. Thycotic Secret Server can be integrated with RSA SecurID Access using RADIUS, SAML SSO Agent and Relying Party.


Integration Types

RADIUS integrations provide a text driven interface for RSA SecurID Access within the partner application. RADIUS provides support for most RSA SecurID Access authentication methods and flows.

SSO Agent integrations use SAML 2.0 or HFED technologies to direct users’ web browsers to RSA SecurID Cloud Authentication Service for authentication. SSO Agents also provide Single Sign-On using the RSA Application Portal.

Relying Party integrations use SAML 2.0 to direct users’ web browsers to RSA SecurID Cloud Authentication Service for authentication. Primary authentication is configurable, so Relying Party can be a good choice for adding additional authentication (only) to existing deployments.

Supported Features

This section shows all of the supported features by integration type and by RSA SecurID Access component. Use this information to determine which integration type and which RSA SecurID Access component your deployment will use. The next section in this guide contains the steps to integrate RSA SecurID Access with Thycotic Secret Server for each integration type.


Thycotic Secret Server integration with RSA Cloud Authentication Service

Authentication Methods

Authentication API


Relying Party

SSO Agent

RSA SecurID-
LDAP Password-
Authenticate Approve-
Authenticate Tokencode-
Device Biometrics-
SMS Tokencode-
Voice Tokencode-
FIDO Tokenn/an/a


Thycotic Secret Server integration with RSA Authentication Manager

Authentication Methods

Authentication API

RADIUSAuthentication Agent
RSA SecurID--
On Demand Authentication--
Risk-Based Authenticationn/a--


- Not supported
n/tNot yet tested or documented, but may be possible.

Configuration Summary

The following links provide instructions on how to integrate Thycotic Secret Server with RSA SecurID Access.

This document is not intended to suggest optimum installations or configurations. It is assumed that you have both working knowledge of all products involved and the ability to perform the tasks outlined in this section. You should have access to the product documentation for all products in order to install the required components. All RSA SecurID Access and Thycotic Secret Server components must be installed and working prior to the integration.

Integration Configuration

RADIUS with Authentication Manager

RADIUS with Cloud Authentication Service

Relying Party

SSO Agent - SAML


Certification Details

Date of testing: April 16th, 2019

RSA SecurID Cloud Authentication Service

RSA Authentication Manager 8.3, Virtual Appliance

Thycotic Secret Server 10.6, Windows Server 2019


Known Issues

No known issues.

Labels (1)
No ratings
Version history
Last update:
‎2019-05-22 04:37 PM
Updated by:
Article Dashboard