How to register a FIDO security key as an MFA authenticator to use when accessing RSA customer or partner applications
a year ago
Article Number
000073332
Applies To

This article applies to RSA customers and partners that wish to use a FIDO security key (e.g. iShield, YubiKey, etc.) as their MFA authenticator when accessing the RSA Community, RSA Partner Portal, or myRSA.

Resolution

This article provides instructions for setting up a FIDO security key as an MFA authenticator.
(The instructions assume you already have an active user account. If you do not, please register for an account before following these instructions. The instructions were written for the Windows operating system and Google Chrome, but the steps are the same or similar for macOS and Linux, depending on the browser that is used.)

 

Step 1: Access the My Authenticators page

To begin the process of registering your FIDO security key, you must navigate to the My Authenticators page. However, in order to access this page directly from the My Page interface, you must already have a registered MFA authenticator. If you have not yet registered your first authenticator, you must access the page via the Authenticator Enrollment page.

 

Step 1a: Accessing the page via the My Page interface

Follow the steps below to access the My Authenticators page via the My Page interface if you have already registered an MFA authenticator.

  1. Navigate to the My Page interface: https://rsa-community.auth.securid.com/mypage 
  2. Log in using your User ID (i.e. email address) and password, following the on-screen instructions.
  3. Optionally select the Remember this browser checkbox and click the Continue button.
  4. From the My Page interface (where you will be on the My Applications page by default), click on the My Authenticators option in the menu.
  5. Use your existing MFA authenticator to complete the step-up authentication process.

NOTE: If you try to access the My Authenticators page using this method before your have registered an MFA authenticator, you will be prompted for a SecurID OTP that does not exist and therefore you will be unable to proceed. As such, the method below should be followed instead. Alternatively, if you have already registered an MFA authenticator but no longer have access to it, you must follow the MFA authenticator reset process instead.

 

Step 1b: Access the page via the Authenticator Enrollment page

Follow the steps below to access the My Authenticators page via the Authenticator Enrollment page if you have not yet registered an MFA authenticator.

  1. Navigate to the Authenticator Enrollment page: https://rsa-community.auth.securid.com/enroll 
  2. Enter your User ID (which is your email address) where prompted.
  3. Enter your password where prompted.
  4. Check your email where you should have received an email from noreply@securid.com with a one-time validation code.
  5. Enter the validation code where prompted.
  6. Optionally select the Remember this browser checkbox and click the Continue button.

After following these steps, you should be on the My Authenticators page. For more detailed instructions for this method, refer to the MFA authenticator setup tutorial.

 

Step 2: Register your FIDO security key

Once you are on the My Authenticators page, follow the steps below to register your FIDO security key as an MFA authenticator.

  1. Click on the Register an authenticator button.
  2. Click on the Passkey (Security Key) tile.
    The available authenticator types that can be registered
     
  3. In the Windows Security dialog window that appears, click on the Security key option and then click Next.
    Windows Security dialog window asking where to save the passkey  
  4. Click OK in the Security key setup dialog window that appears.
    The security key setup dialog window  
  5. Click OK in the Continue setup dialog window that appears.
    The continue setup dialog window
      
  6. Enter your Security Key PIN and then press Enter or click OK.
    The prompt to enter the security key PIN
     
  7. Touch your security key when prompted.
    The prompt instructing to touch the security key  
  8. Click OK on the Passkey saved dialog window that appears.
    Dialog window stating that the passkey has been saved  
  9. Change the name of the FIDO Security Key to be recognizable to you and then click Continue.
    Renaming the registered security key 

 
After following the steps above, you should be redirected back to the My Authenticators page, where you'll be able to see your security key listed as a registered authenticator, as shown below.
 

The My Authenticators page with the registered authenticator

 

If you encounter any issues with setting up your FIDO security key as an MFA authenticator, please contact RSA Customer Support for assistance, referencing this article.

Notes

It is important to note that only FIDO security keys that are certified by the FIDO Alliance can be used as an MFA authenticator. For more information regarding this restriction, refer to the following article: Why am I getting a "Registration Unsuccessful" message when registering a FIDO security key?

Don't see what you're looking for?