This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Community Blog

Subscribe to the official SecurID Community blog for information about new product features, industry insights, best practices and more.

Access Policy 2.0 : Easily Rollout Passwordless to the Masses

Kenn_Chong
Respected Contributor Respected Contributor
Respected Contributor
1 0 1,745
‎2023-09-25 02:41 PM

Organizations today want to make it easy for users to access protected work resources secured with Passwordless authentication options. When users access protected work resources, they must prove they are who they say they are by authenticating themselves. This is achieved through an initial authentication workflow (Primary Authentication), and conditionally an additional authentication workflow (Step-Up Authentication).

RSA is dedicated to offering Passwordless options for organizations to choose from enabling them to secure access to work resources. Coming soon in the RSA ID Plus October 2023 Release, we will assist admins to deploy Passwordless authentication easily within access policies that are more flexible than before. This new type of access policy is called Access Policy 2.0. Let us explore further how 2.0 Polices help admins easily introduce RSA’s range of Passwordless options such as FIDO, QR-Code and SecurID One-Time Password (OTP) to their organizations compared to the previous 1.0 Policies.  

Switching Multiple Resources to Passwordless at Once

2.0 Policies will allow admins to define both Primary and Step-up Authentication options within the same access policy. This saves administrative time should there be a need to modify the Primary Authentication method for a set of resources that use the same access policy.

1.0 Policies limit admins to only configuring Step-Up authentication methods. This makes management of policies difficult because the Primary Authentication method for a 1.0 Policy of each configured resource assigned to that policy must be individually configured for that resource, even if it is the same Primary Authentication method.

 

Kenn_Chong_0-1694019106118.png

 

Let us use the following example of resource A (Cisco VPN) and resource B (ADP Payroll), each individually configured with Password as the Primary Authentication method but both utilizing the same 1.0 Policy to Step-Up users when needed. If an admin wants to secure both resources with Passwordless options, they will need to individually configure each resource. This will become tedious very quickly if it were 25 resources instead of 2. With a 2.0 Policy, just configure the Primary Authentication methods one time and it will apply to all resources that use the same policy - saving valuable administrative time.

Flexible Passwordless Primary Auth Options

Primary Authentication within 2.0 Policies will provide admins the flexibility to offer users a choice from a set of allowable authentication methods, just like how they can with Step-Up authentication today. Admins now have more Passwordless Primary Authentication methods to choose from within 2.0 Policies including QR-Code, FIDO and SecurID OTP. Aside from that. Admins can also include other methods such as Emergency Access, and not just one, but multiple external Identity Providers (IDPs).    

Kenn_Chong_1-1694019221709.png

 

Externally configured Primary Authentication methods paired with 1.0 Policies limit admins to configuring only one authentication method – either Password, FIDO, SecurID OTP or a single external IDP. This makes it inconvenient in cases where not all users have access to authenticate with the one configured Primary Authentication method. At worst this forces admins to use the lowest insecure common denominator method as the Primary Authentication method, which is Password.

Kenn_Chong_2-1694019309066.png

Can’t Wait to use 2.0 Policies?

We hope you are just as excited as we are with the new 2.0 Policies. We plan to roll out the ability to use 2.0 Policies within RSA ID Plus in phases, starting with RSA My Page. When the October 2023 Release goes live, there will be no impact to existing My Page customers. When you do decide to make any change to your My Page configuration, you will need to migrate to a 2.0 Policy then.

Kenn_Chong_3-1694019364645.png

 

Kenn_Chong_4-1694019420862.png

To make this easy, we have created a one-click migration button that will seamlessly convert your 1.0 Policy to a new 2.0 Policy, as shown in the screenshot above. Don’t forget to review the upcoming October 2023 Release Product Advisory and Release Notes when they go live for more information about 2.0 Policies and other benefits that are related to this feature.  

We will post product advisory updates as we continue making product improvements in future releases that will allow other resources to be protected with 2.0 policies. We hope you will include the use of 2.0 Policies as part of your Passwordless journey.

We are excited to have you experience the new wide range of Passwordless authentication solutions with the roll-out of 2.0, and look forward to making your job of managing access easier for you and a great experience for your organization and users.

© 2023 RSA Security LLC or its affiliates. All rights reserved.