Configure High Availability OTP

If Cloud Authentication Service (CAS) cannot be reached because the connection is temporarily unavailable or too slow, RSA Authentication Manager can use downloaded High Availability OTP records to prompt users for Authenticate Tokencode. Users who authenticate with methods that are supported by the Authenticate app, such as Approve and Device Biometrics, are prompted for Authenticate Tokencode or RSA SecurID authentication. This feature does not support forwarding RADIUS authentication to Cloud Authentication Service or authentication to SaaS applications.

Before you begin 

License usage does not increase for users who already have a registered authenticator.

Procedure 

  1. Connect RSA Authentication Manager to Cloud Authentication Service.

    You must have either a direct connection between RSA Authentication Manager 8.5 or later and Cloud Authentication Service or a connection that uses the embedded identity router in AM. This feature does not support a connection that uses identity routers on platforms in your on-premises network or in the Amazon Web Services cloud.

  2. The Cloud Authentication Service mapping for Primary Username and the AM mapping for UID must point to the same attribute in the identity source. When Cloud Authentication Service sends token records to AM, AM uses the securIDUsername field from the token records to find users in the identity source that is synchronized to the Cloud Authentication Service.
  3. Enable High Availability OTPs in the Cloud Administration Console:
    1. In the Cloud Administration Console, click Platform > Authentication Manager.
    2. In the High Availability OTP field, click Enable.
    3. Click Publish Changes to apply the configured settings.