Getting Started with RSA Authentication Manager
RSA Authentication Manager is the authentication, administration, and database management component of RSA SecurID, which provides strong authentication of users accessing valuable network resources. With AM, you can deploy and manage RSA SecurID hardware and software tokens, administrators, users, and authentication agents.
Perform these tasks to get started with AM:
Add security domains. All AM objects, such as users and agents, are assigned to a security domain, which helps you to organize and manage your deployment. It also allows you to limit the scope of administrators' control by limiting the security domains they can access. Security domains are organized in a hierarchy.
For more information, see Security Domains.
Add an LDAP directory as an identity source. You can configure AM to read user and group data directly from an LDAP directory. You can also add users to the internal database. For more information, see Add a User with Options to the Internal Database.
Add administrators. Administrators manage all aspects of your deployment, such as users and security domains. You can create different administrators with different permissions and areas of administrative responsibility, depending on your organization’s needs. To add a new administrator, you can assign a built-in administrative role to a user, or you can create a customized administrative role and assign it to a user. For more information, see Assign an Administrative Role and Add an Administrative Role.
Add password policies. Password policies define users’ password length, format, and frequency of change.
For more information, see Password Policy.
Add token policies. Token policies determine RSA SecurID PIN lifetime and format, and fixed passcode lifetime and format. They are assigned to security domains and apply to all tokens assigned to users managed by a given security domain.
For more information, see Token Policy.
Add lockout policies. Lockout policies define how many failed logon attempts users can make before their accounts are locked.
For more information, see Lockout Policy.
Add risk-based authentication (RBA) policies. Required if you use RBA as a multifactor authentication solution to strengthen password-based authentication by incorporating knowledge of the client device and user behavior to assess the potential risk of an authentication request.
For more information, see Add a Risk-Based Authentication Policy.
Add self-service troubleshooting policy. Required if you use the Self-Service Console. Self-service troubleshooting policy allows you to determine the number of times a user can unsuccessfully attempt to authenticate to the RSA Self-Service Console before the user's account is locked. Locked-out users can be re-enabled either by an administrator or automatically by the system after a specified time frame.
For more information, see Self-Service Troubleshooting Policy.
Associate these policies with security domains. The policy that you select for the security domain overrides the default policy.
Related Articles
RSA Authentication Client 3.6 Getting Started Number of Views Getting authentication cookie Number of Views SecurID and Yubico Number of Views RSA Authentication Manager 8.7 SP1 Web Tier Getting Started Number of Views RSA Authentication Manager 8.7 SP1 Amazon Machine Image (AMI) Getting Started Number of Views
Trending Articles
RSA SecurID Software Token 5.0.2 for Windows Desktop displays message after reboot due to roaming profile: No token stor… RSA Release Notes for RSA Authentication Manager 8.8 Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026)
