RSA Mobile Lock Console
RSA Mobile Lock is an RSA ID Plus Add-On or Feature, depending on your RSA ID Plus license .
If your RSA Cloud Authentication Service includes the Mobile Lock feature, you can trigger a SaaS-based Mobile Lock Console to be created for your Cloud tenant, by following step 9 on page Configure Company Information and Certificates . The URL for the Mobile Lock Console will be:
https:\\rsamobilelock.zimperium.com
The Mobile Lock Console allows administrators in your organization to manage the Mobile Lock feature for end users.
After a Mobile Lock Console is created, administrators in your organization would login to it using their email address and a a password.. However, it is also possible to configure the Mobile Lock Console for SAML authentication. To allow SAML to be configured for your Mobile Lock Console, you must first ask RSA Support to enable "SSO Configuration" for your Console. As soon as "SSO Configuration" is enabled, the URL for your Mobile Lock Console will change to:
https:\\client-prefix-rsamobilelock.zimperium.com
Important: this KB article only applies to the RSA Mobile Lock Console. For a Zimperium zConsole that does not have "rsamobilelock" in its URL, the customer must contact Zimperium Support directly to enable SSO. After SSO is enabled by Zimperium Support, contact RSA Support if you have questions about how to configure the RSA Cloud Authentication Service for Zimperium zConsole SSO.
- Raise an RSA Support case and ask for "SSO Configuration" to be enabled for your Mobile Lock Console
- In the support case, provide the following information:
- The managed account ID: In the RSA Mobile Lock Console after login, this is the label on the top right of the navigation bar, by the gear icon.
- RSA Mobile Lock Console version: in the RSA Mobile Lock Console after login, the version is at top left under the word "Console".
- A unique client-prefix for the Mobile Lock Console’s URL. The client-prefix is used to form a new fully qualified hostname for your Mobile Lock Console. After SSO Configuration is enabled for your Console, your organization will use the new name to access the RSA Mobile Lock Console. The new hostname will be of the form:
client-prefix-rsamobilelock.zimperium.com
- start with a letter
- all remaining characters can be only letters, digits or hyphens.
- have a maximum length of 35 characters.
- be unique (not the same as any other Mobile Lock Console’s client-prefix)
As soon as SSO Configuration is enabled for your Mobile Lock Console, your administrators will no longer be able to login at https:\\rsamobilelock.zimperium.com . The new hostname must be used. When that occurs, you can immediately start using the new name to access the Mobile Lock Console, without waiting for notice from RSA Support that the new name has been activated.
Instructions to configure SAML for the Mobile Lock Console using an RSA Cloud Authentication Service SAML Identity Provider are attached to this KB article.
Related Articles
How to enable DEBUG logging in RSA Identity Governance and Lifecycle Number of Views RSA Authenticator for iOS and Android Administrator Guide - Mobile Lock Number of Views 'Program Error - XC_XParseRegenerateCertificate: [XrcNOTFOUND] unable to locate requested member or object. Can't create i… Number of Views macOS administrator locked out due to RSA MFA Agent for macOS misconfiguration Number of Views A device is not listed on the Devices page of the RSA Mobile Lock console Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.9 Release Notes (January 2026) An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide
