SecurID® Community Blog

Subscribe to the official SecurID Community blog for information about new product features, industry insights, best practices and more.

Access Policy 2.0 : Easily Rollout Passwordless to the Masses

Respected Contributor Respected Contributor
Respected Contributor
1 0 1,745

Organizations today want to make it easy for users to access protected work resources secured with Passwordless authentication options. When users access protected work resources, they must prove they are who they say they are by authenticating themselves. This is achieved through an initial authentication workflow (Primary Authentication), and conditionally an additional authentication workflow (Step-Up Authentication).

RSA is dedicated to offering Passwordless options for organizations to choose from enabling them to secure access to work resources. Coming soon in the RSA ID Plus October 2023 Release, we will assist admins to deploy Passwordless authentication easily within access policies that are more flexible than before. This new type of access policy is called Access Policy 2.0. Let us explore further how 2.0 Polices help admins easily introduce RSA’s range of Passwordless options such as FIDO, QR-Code and SecurID One-Time Password (OTP) to their organizations compared to the previous 1.0 Policies.  

Switching Multiple Resources to Passwordless at Once

2.0 Policies will allow admins to define both Primary and Step-up Authentication options within the same access policy. This saves administrative time should there be a need to modify the Primary Authentication method for a set of resources that use the same access policy.

1.0 Policies limit admins to only configuring Step-Up authentication methods. This makes management of policies difficult because the Primary Authentication method for a 1.0 Policy of each configured resource assigned to that policy must be individually configured for that resource, even if it is the same Primary Authentication method.




Let us use the following example of resource A (Cisco VPN) and resource B (ADP Payroll), each individually configured with Password as the Primary Authentication method but both utilizing the same 1.0 Policy to Step-Up users when needed. If an admin wants to secure both resources with Passwordless options, they will need to individually configure each resource. This will become tedious very quickly if it were 25 resources instead of 2. With a 2.0 Policy, just configure the Primary Authentication methods one time and it will apply to all resources that use the same policy - saving valuable administrative time.

Flexible Passwordless Primary Auth Options

Primary Authentication within 2.0 Policies will provide admins the flexibility to offer users a choice from a set of allowable authentication methods, just like how they can with Step-Up authentication today. Admins now have more Passwordless Primary Authentication methods to choose from within 2.0 Policies including QR-Code, FIDO and SecurID OTP. Aside from that. Admins can also include other methods such as Emergency Access, and not just one, but multiple external Identity Providers (IDPs).    



Externally configured Primary Authentication methods paired with 1.0 Policies limit admins to configuring only one authentication method – either Password, FIDO, SecurID OTP or a single external IDP. This makes it inconvenient in cases where not all users have access to authenticate with the one configured Primary Authentication method. At worst this forces admins to use the lowest insecure common denominator method as the Primary Authentication method, which is Password.


Can’t Wait to use 2.0 Policies?

We hope you are just as excited as we are with the new 2.0 Policies. We plan to roll out the ability to use 2.0 Policies within RSA ID Plus in phases, starting with RSA My Page. When the October 2023 Release goes live, there will be no impact to existing My Page customers. When you do decide to make any change to your My Page configuration, you will need to migrate to a 2.0 Policy then.




To make this easy, we have created a one-click migration button that will seamlessly convert your 1.0 Policy to a new 2.0 Policy, as shown in the screenshot above. Don’t forget to review the upcoming October 2023 Release Product Advisory and Release Notes when they go live for more information about 2.0 Policies and other benefits that are related to this feature.  

We will post product advisory updates as we continue making product improvements in future releases that will allow other resources to be protected with 2.0 policies. We hope you will include the use of 2.0 Policies as part of your Passwordless journey.

We are excited to have you experience the new wide range of Passwordless authentication solutions with the roll-out of 2.0, and look forward to making your job of managing access easier for you and a great experience for your organization and users.