ID Plus Overview

ID Plus provides the benefits and functionality of Authentication Manager (AM) and Cloud Access Service (CAS) combined into one multifactor (MFA) solution. This integration enables new capabilities for existing AM customers. ID Plus provides:

• More than just credentials. Select from a variety of secure and convenient authentication methods including mobile-optimized push notifications, device biometrics, and standards-based FIDO passkeys.

• More ways to connect. Add policy-driven secure access and single sign-on to the leading web and SaaS applications through SAML, reverse proxy or password vaulting. Add strong authentication to your custom and third-party applications using the new REST-based RSA Authentication API and expanded RADIUS options.

• Flexibility to mix and match. Use your existing SecurID OTP Credentials to protect the cloud, use the RSA Authenticator app with traditional on-prem resources like VPNs, or mix-and-match to meet your unique requirements. The expanded features and services of CAS work with your existing AM solution and vice versa.

Cloud Access Service

Cloud Access Service Overview is an access and authentication platform with a hybrid on-premise and cloud-based service architecture. CAS helps secure access to SaaS and on-premise web applications for users, with a variety of authentication methods that provide multifactor identity assurance. The service helps increase user productivity with single sign-on (SSO) and enables a company to control how users access these applications with centralized access and authentication policies. CAS can also accept authentication requests from a third-party SSO solution or web application that has been configured to use RSA Authenticator as the identity provider (IdP) for authentication. For more information, see Cloud Access Service Overview

CAS includes transparent and interactive methods for determining if a user is who he claims to be. Users can authenticate using the RSA Authenticator app, a software application that is self-registering, automatically seeded, and never expires. The app supports biometric methods such as fingerprint, Face ID, and Windows Hello, push notifications, and tokencodes that can be protected by biometrics or a PIN. CAS also supports SecurID OTP Credentials, as well as standards-based FIDO authenticators, and context-based authentication using factors such as the user's location and network. Confidence in a user's identity can also be established through risk analytics, based on user characteristics such as past behavior, devices previously used for authentication, and other factors.

Because users are enrolled for SecurID Authenticate Tokencode automatically after registration with the RSA Authenticator app, you do not need to perform any additional steps to distribute this method.

Authentication Manager

AM is an on-premise multifactor authentication solution that helps secure access to network and web-accessible applications, such as SSL-VPNs and web portals. AM verifies authentication requests, and centrally administers authentication policies, SecurID OTP Credentials, users, agents and resources across physical sites. For more information, see Authentication Manager Documentation.

AM provides the following choices for strong authentication:

• SecurID OTP, which protects access using two-factor authentication with hardware and software-based OTP Credentials.

• On-demand authentication (ODA), which protects access using two-factor authentication by sending authentication credentials to users upon request through SMS text messaging or e-mail.

• Risk-based authentication (RBA), which protects access by assessing user behavior and matching the device being used to authenticate to assess the risk-level of an authentication attempt.

For more information, see How RSA Authentication Manager Protects Your Resources.

Integrating Authentication Manager and Cloud Access Service

Integrating AM with CAS offers opportunities to expand the resources you protect and the authentication methods you make available to users.

If you have an AM RADIUS deployment, you can expand the authentication methods available to users by moving to RADIUS for CAS. This feature is available for identity routers that are deployed on the VMware, Hyper-V, or Amazon Web Services platforms. Configure a RADIUS client in CAS to protect the resources that are currently protected by RADIUS in AM. For more information, see RADIUS for Cloud Access Service Overview.

Identity Router

The Identity Router is a virtual appliance that communicates with CAS, identity sources, and AM. It provides RADIUS and single sign-on (SSO) services, and enforces authentication and access for users of protected resources.

You can deploy an identity router on the VMWare, Hyper-V, or Amazon Web Services cloud platforms. With the latest version of AM, you can deploy an identity router that is embedded in the AM server. For more information on supported platforms and services, see Identity Router.

RSA Authentication API

RSA provides the RSA Authentication API, a REST-based programming interface that allows you to develop clients that process multifactor, multistep authentications through AM and CAS. The interface definition can be integrated with any programming language. The Authentication API supports Authentication Manager 8.2 Service Pack 1 or later. For more information, see the RSA Authentication API Developer's Guide.

RSA ID Plus Subscription Plans

ID Plus offers three levels of cloud solutions, tailored to fit every identity and access management requirement. All of the solutions can be flexibly deployed in the cloud, on-premises, or hybrid with an open, extensible identity platform. The solutions also can be easily adjusted to meet the pace and evolution of your modernization. For more information, see RSA ID Plus Subscription Plans.