RSA Cloud Plan LicensesRSA Cloud Plan Licenses
RSA offers three licenses: Cloud, Cloud Plus, and Cloud Premier.
SecurID Editions are still supported. For more information, visit SecurID Editions.
For information about ID Plus plans, see ID Plus Licenses.
The high-level details are described below:
Authentication ComponentsAuthentication Components
The following table shows the authentication software available with each license.
| Cloud | Cloud Plus | Cloud Premier | |
|---|---|---|---|
| Cloud Authentication Service | Included | Included | Included |
|
SecurID Authentication Manager Server Enterprise License: 1 Primary Instance and up to 15 Replica Instances |
Included | Included | |
| Authentication Manager server with Authentication Manager Bulk Administration (AMBA) | Included | Included |
Note: RSA continues to support existing Authentication Manager Server Base and Enterprise licenses.
SecurID® Federal SecurID® Federal
RSA offers a FedRAMP-authorized version of the Cloud Plus and the Cloud Premier licenses. SecurID® Federal includes a separate cloud instance reserved for United States Federal Government customers and other authorized agencies.
SecurID® Federal does not support authentication with SMS Tokencode or Voice Tokencode.
Authentication IntegrationsAuthentication Integrations
The following table shows the authentication integrations available with each license.
| Standard Agents |
RSA Ready SecurID Agents |
RADIUS Agents | SecurID Authentication API |
SAML Authentication | Web Proxy (Trusted Headers, Password Vaulting) |
|
|---|---|---|---|---|---|---|
| Cloud Premier | Included | Included | Included | Included | Included | Included |
| Cloud Plus | Included | Included | Included | Included | Included | |
| Cloud | SAML-based only | Included |
Authentication MethodsAuthentication Methods
The Cloud, Cloud Plus, and Cloud Premier licenses include the following authentication methods:
-
Approve (Push) notification through the SecurID App and wearable devices
-
One-Time Passcode (OTP) delivered on-demand through the SecurID App
-
Integrated SMS Tokencode and Voice Tokencode available as an add-on
-
Passwordless authentication through FIDO2 and Device Biometrics, such as Apple FaceID, Android biometrics and Windows Hello
-
Secure One-Time Passcodes using SecurID hardware and software tokens
-
Emergency Tokencode
-
(Cloud Plus and Cloud Premier only) Customized authentication through the Mobile SDK
Deploying Authentication Manager as the on-premises component of the Cloud Authentication Service provides failover and ensures high availability, including offline authentication. This deployment is an option for the Cloud Plus license and included in the Cloud Premier license.
Hardware tokens are sold separately.
Access ComponentsAccess Components
The Cloud Authentication Service allows you to use specific attributes in access policy conditional expressions. These expressions are used to determine authentication requirements and who is allowed or denied access to resources. The following table shows which attributes are available with each license.
|
Cloud |
Cloud Plus |
Cloud Premier |
|
|---|---|---|---|
| My Page Attributes | |||
| Customized SSO portal branding | x | x | |
| Access Policy Attributes | |||
| Identity source attributes (used in rule sets to select target population for policy) | x | x | x |
| IP address (conditional attribute) | x | x | x |
|
Additional conditional attributes:
|
x | x | |
|
Cloud Premier attributes include all attributes listed above and the following conditional attributes:
|
x |
Note: If your deployment is downgraded from Cloud Premier to Cloud Plus, you must examine your access policies and edit them if necessary to ensure that they comply with the Cloud Plus license. Policies that are not up-to-date can result in authentication failures.
