Edit Cloud Authentication Service Connection
After you connect RSA Authentication Manager to Cloud Authentication Service (Cloud Authentication Service), you can edit the connection.
For instructions on how to configure the initial connection, see the following:
- If you are using separate identity routers on other platforms in your on-premises network or in the Amazon Web Services cloud, see Connect RSA Authentication Manager to the Cloud Authentication Service.
- To connect with an embedded identity router, see Quick Setup - Connect RSA Authentication Manager to Cloud Access Service with an Embedded Identity Router.
Before you begin
You must be a Super Admin.
A new Registration Code and Registration URL is required if you need to re-register AM with Cloud Authentication Service. You must re-register for any of the following reasons:
- You are configuring an embedded identity router.
- You want to enable the high availability tokencode feature, and you are upgrading from an RSA Authentication Manager that is already connected to Cloud Authentication Service.
- The access policy that was used for the original connection has been replaced with a different access policy. The access policy is configured and selected in the Cloud Administration Console.
- The access policy name that was used for the original connection has changed.
- The RSA Authentication Manager API Key used for the original connection has been deleted from the Authentication API Keys page or the Administration API Key page in the Cloud Administration Console. This disconnects AM from Cloud Authentication Service.
- You make changes to an HTTPS proxy server, and you need to connect to Cloud Authentication Service again and accept a new certificate. You do not need to re-register if you configure or update the connection to a HTTP proxy server.
If you need to obtain the Registration Code and Registration URL, see Connect Your Cloud Access Service Deployment to RSA Authentication Manager.
Procedure
In the Security Console, click Setup > System Settings.
Click RSA Cloud Authentication Service Configuration.
If AM is behind an external firewall, you can configure a connection to a proxy server before connecting to Cloud Authentication Service. For more information, see Configure a Proxy Server.
To connect AM to Cloud Authentication Service, do the following:
- Under Register RSA AM with the RSA Cloud Authentication Service, copy and paste the Registration Code and the Registration URL from the Cloud Administration Console, or obtain this information from a Cloud Authentication Service Super Admin and manually enter it.
For more information, see Connect Your Cloud Access Service Deployment to RSA Authentication Manager.
- Click Connect to the RSA Cloud Authentication Service.
A message indicates that the connection is established. Cloud Authentication Service details are automatically updated and saved.
- Under Register RSA AM with the RSA Cloud Authentication Service, copy and paste the Registration Code and the Registration URL from the Cloud Administration Console, or obtain this information from a Cloud Authentication Service Super Admin and manually enter it.
To enable users to authenticate to Cloud Authentication Service, under RSA Cloud Authentication Service Configuration, click Enable RSA Cloud Authentication.
The Enable Authenticate Tokencode PIN Prompts checkbox is selected if you previously used the Security Console to connect RSA Authentication Manager to CAS before applying RSA Authentication Manager 8.5 Patch 3 or later. The Enable Authenticate Tokencode PIN Prompts checkbox is not selected if you applied Patch 3 or later before making the connection.
Clear the Enable Authenticate Tokencode PIN Prompts checkbox to prevent Authenticate Tokencode users from being prompted for PINs on their first authentication to CAS. During subsequent authentications, Authenticate Tokencode users are only prompted for a PIN if their PIN has expired, or if an administrator has cleared their PIN or requires users to create another PIN. This option does not affect other types of authentication.
You can use RSA Authentication Manager as a secure proxy server that sends authentication requests directly to Cloud Authentication Service. For more information, see RSA Authentication Manager Secure Proxy Server for Cloud Authentication Service.
To manually enable this feature, select the Send Multifactor Authentication Requests to the Cloud checkbox.
Click Save.
After you finish
- If required by your deployment, add the Multifactor Authentication REST URL and the Help Desk Administration REST URL to a whitelist of URLs that AM is allowed to access.
Other URLs are as follows.
Feature URL Telemetry telemetry.access.securid.com Embedded identity router US region: sidaccessovap2useast.blob.core.windows.net, sidaccessovap2uswest.blob.core.windows.net
ANZ region: sidaccessovap4auc.blob.core.windows.net, sidaccessovap4auc2.blob.core.windows.net
EMEA region: sidaccessovap3eun.blob.core.windows.net, sidaccessovap3euwest.blob.core.windows.net
Federal region: sidaccessovap5govva.blob.core.usgovcloudapi.net
For any administrator who needs to manage Cloud Authentication Service users in the AM User Dashboard, you must have selected Manage RSA Cloud Authentication Service Users on the General Permissions tab. For more information, see Edit Permissions for an Administrative Role.
Related Articles
Configure Handling of Incorrect Passcodes Number of Views Cloud Access Service POC Quick Setup Guide - Step 4: Add an Access Policy Number of Views How to set up RSA ACE/Agent for UNIX without using the CD-ROM Number of Views Add an Administrative Role Number of Views Deploy an Identity Router Virtual Machine in Microsoft Azure Number of Views
Trending Articles
How to recover the Application and AFX after an unexpected database failure in RSA Identity Governance & Lifecycle Troubleshooting AFX Connector issues in RSA Identity Governance & Lifecycle RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Release Notes for RSA Authentication Manager 8.8 RSA Authentication Manager 8.9 Release Notes (January 2026)
