RSA SecurID

The RSA SecurID node lets you use the RSA Cloud Authentication Service (RSA ID Plus) or RSA Authentication Manager from within an authentication journey on your Identity Cloud environment.

This node lets users authenticate using their registered RSA authenticators, including:

SecurID OTP (hardware and software tokens), including new PIN mode
SecurID Authenticate OTP
Emergency Access Code
Approve (Push Notifications)
Device Biometrics
QR Code
SMS OTP
Voice OTP

Quick start with sample journeys

Identity Cloud provides sample journeys to help you understand the most common RSA SecurID use cases. To use the samples, download the JSON files for sample journeys and import the downloaded sample journeys into your Identity Cloud environment.

Dependencies

To use this node, you must:

Enroll RSA authenticators. Refer to RSA SecurID setup for more information.
Ensure the username on the shared node state matches one of the following:
- The username, alternate username, or email address of the user in the RSA Cloud Authentication.
- The username in RSA Authentication Manager.

RSA SecurID setup

The RSA SecurID node in Identity Cloud can be used with the RSA Cloud Authentication Service or RSA Authentication Manager. Depending on which integration you choose, the RSA setup differs slightly.

Setup with RSA Cloud Authentication Service

Configure the following using the RSA Cloud Administration Console:
1. Assurance Levels: Refer to the Configure Assurance Levels page in the RSA documentation.
2. Policies: Refer to the Manage Access Policies page in the RSA documentation.
  
  Note the policy name you will use when configuring the RSA SecurID node in your Identity Cloud journey.
3. Authentication API Keys: Refer to the Manage the SecurID API Keys in the RSA documentation.
  
  Note the SecurID Authentication API REST URL and Authentication API key you will use when configuring the RSA SecurID node in your Identity Cloud journey.
4. End users enroll their RSA authenticators: Refer to the Manage My Page in the RSA documentation.

Setup with RSA Authentication Manager

Using the RSA Authentication Manager Security console, configure the following:
1. Go to Access > Authentication Agents > Add New and add a new access agent.
  
  Note the Authentication Agent name. You will need this when configuring the RSA SecurID node in your Identity Cloud journey. For additional information, refer to the Add an Authentication Agent page in RSA documentation.
2. Go to Setup > System Settings > RSA SecurID Authentication API, and note the access key. You will use this key in the SecurID node configuration. For additional information, refer to the Configure the RSA SecurID Authentication API for Authentication Agents page in the RSA documentation.
You’ll need the REST API URL for your RSA environment. Get the REST API URL from your RSA Authentication Manager administrator.

RSA SecurID node implementation

Refer to the implementation details of RSA SecurID node here.