Referencing this document: 000033354 - How to enable or disable strict TLS 1.2 mode in RSA Authentication Manager 8.2
These instructions are very clear but seem to assume the existence of a web tier in Step 6.
What (if any) additional steps are necessary to set up TLS 1.2 if my deployment does NOT have a web tier?
No extra steps.
A web tier is essentially an advanced, RSA-specific proxy server, that can sit on your DMZ
and allow 'world' access to your self service functions, ctkip, and also RBA from edge devices.
Web tiers are optional, and most updates to web tiers are done by making
an update or change to your RSA servers first, then pushing the new update
or change out to the web tiers.
To add to Ed's detail, in AM 8.1 SP1 P13 or higher, there were specific Web Tier commands to enable strict TLS on the Web Tiers after or in addition to enabling it on AM primary or replica, but with AM 8.2 once you enable strict TLS on the Primary or Replica, it will automatically update the Web Tiers. So in your case there are no Web Tiers to update, so nothing more happens or needs to happen.
No extra steps.
A web tier is essentially an advanced, RSA-specific proxy server, that can sit on your DMZ
and allow 'world' access to your self service functions, ctkip, and also RBA from edge devices.
Web tiers are optional, and most updates to web tiers are done by making
an update or change to your RSA servers first, then pushing the new update
or change out to the web tiers.