Certified: September 29, 2025
Solution Summary
Privileged accounts represent the largest security vulnerability an organization faces today. In the hands of an external attacker or malicious insider, privileged accounts allow attackers to take full control of an organization’s IT infrastructure, steal confidential information, commit financial fraud and disrupt operations. Stolen or misused privileged account credentials are used in nearly all breaches. With this growing threat, organizations need to put controls in place to detect and respond to in-progress cyber attacks before they strike vital systems and compromise sensitive data.
CyberArk Central Policy Manager (CPM) is a core CyberArk component responsible for automated password management. It securely connects to target systems, verifies credentials, rotates passwords based on defined policies, and reconciles accounts if passwords become unsynchronized. This ensures privileged account passwords remain secure, compliant, and automatically updated without manual intervention.
The integration between CyberArk Central Policy Manager (CPM) and RSA SecurID enables secure, automated management of privileged accounts used in RSA SecurID environments.
Using the RSA SecurID CPM plugin, CyberArk can:
- Securely store credentials for RSA SecurID administrative or service accounts inside the CyberArk Vault.
- Automate password lifecycle tasks, including:
- Verify – confirm that the stored password matches the target account’s actual password.
- Change – automatically rotate account passwords on the RSA AM system at scheduled intervals or on-demand.
- Reconcile – reset the password on the target system if it becomes out of sync with the Vault.
The CyberArk Central Policy Manager (CPM) plugin for RSA SecurID supports remote password management for the following types of RSA privileged users:
- RSA Security Console Administrators – The RSA Security Console web application is RSA Authentication Manager’s primary administrative interface. Any RSA Authentication Manager user who has an administrative role is a Security Console administrator. A Security Console Administrator with super admin privileges can use the RSA Authentication Manager server API to manage all other Security Console administrators’ passwords.
- RSA Operations Console Users – The RSA Operations Console web application allows a select group of users (Operation Console administrators) to manage replica servers, identity sources, certificates and backups, and to perform various other system operations. Operation Console users are also entitled to run the rsautil utility on the RSA Authentication Manager appliance command line.
Configuration Summary
This section contains instruction steps that show how to integrate CyberArk Central Policy Manager (CPM) plugin for RSA SecurID for the purpose of password management and rotation of RSA’s privileged users.
This document is not intended to suggest optimum installations or configurations. It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products in order to install the required components.
All RSA and CyberArk components must be installed and working prior to the integration.
Integration Configuration
AM
CyberArk CPM Plugin Configuration for RSA Authentication Manager - RSA Ready Implementation Guide
RSA Terminology Changes
The following table describes the differences in the terminologies used in the different versions of RSA products and components.
| Previous Version | New Version | Examples/Comments |
| Cloud Authentication Service | Cloud Access Service | |
| Token | OTP Credential | SecurID OTP Credential |
| Authenticator | Hardware Authenticator | |
| Tokencode | OTP | SecurID OTP, SMS OTP, Voice OTP |
| Access Code | Emergency Access Code | |
| SecurID Authenticate app | RSA Authenticator app | RSA Authenticator app for iOS and Android, RSA Authenticator app for Windows |
| Device | Authenticator | Register an authenticator |
| Company ID | Organization ID | |
| Account | Credential | |
| Device Serial Number | Binding ID |
Certification Details
RSA Authentication Manager
CyberArk Central Policy Manager (CPM)
Known Issues
No known issues.
Related Articles
Application unavailable with 296 services failed Number of Views CyberArk Password Vault Web Access - SAML Relying Party Configuration - RSA Ready Implementation Guide Number of Views What are the services and processes running on the Enterprise Manager Enterprise Coordinator and Remote Site Coordinator … Number of Views CyberArk Vault - RADIUS Configuration with Cloud Access Service - RSA Ready Implementation Guide Number of Views RSA Announces the Availability of RSA Via Lifecycle and Governance 7.0 Release Number of Views
Trending Articles
Unable to attach a replica instance due to a configuration error when enabling replication for the RADIUS server for RSA A… RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide Troubleshooting RSA MFA Agent for Microsoft Windows RSA Authentication Manager Upgrade Process
