Keeper Security - RSA Ready Implementation Guide
2 years ago

Certified: April 05, 2024
  

Solution Summary

This section describes Keeper Security integration with RSA ID Plus. Use this information to determine which use case and integration type your deployment will employ.
  

Use Case

Keeper Security can be integrated with the RSA Cloud Authentication Service using SAML 2.0 and RSA Authentication Manager using Authentication Agent.
  

Integration Types

My Page SSO provides Single-Sign-On (SSO) to Keeper Security users leveraging the RSA self-service portal My Page. When integrated, users must authenticate with RSA to sign in to Keeper Security. Both SP-initiated SSO and IdP-initiated SSO are supported.
Modern Cloud-hosted SSO with My Page replaces the existing SAML SSO support with the IDR. 

Relying Party integration allows Keeper Security users’ web browsers to be automatically redirected to the RSA Cloud Authentication Service for authentication. With Relying Party integration, the Cloud Authentication Service can manage only additional authentication or both primary authentication (for example, user ID and password) and additional authentication.

Authentication Agent integrations use an embedded RSA agent to provide RSA and Authenticate OTP authentication methods within the partner’s application. Authentication agents are simple to configure and support the highest rate of authentications.
  

Supported Features

This section shows the supported features by integration type and by RSA component. Use this information to determine which integration type and which RSA component your deployment will use. The next section in this guide contains the instruction steps for how to integrate RSA with Keeper Security using each integration type.
  

Keeper Security Integration with RSA Cloud Authentication Service 

Authentication MethodsRSA MFA API (REST)RadiusRelying PartyMy Page SSO
Approve--
LDAP Password --
SecurID OTP--
Authenticate OTP--
Device Biometrics--
SMS OTP--
Voice OTP--
FIDO Security Key--
Emergency Access Code--
QR Code--
 

Keeper Security Integration with RSA Authentication Manager

Authentication MethodsRSA MFA API (REST)RADIUSAuthentication Agent
RSA SecurID--
On Demand Authentication--
Risk-Based Authenticationn/a--
 
Supported
-Not supported
n/t           Not yet tested or documented, but may be possible
n/aNot applicable

     

Configuration Summary

This section contains instruction steps that show how to integrate Keeper Security with RSA using all of the integration types.

This document is not intended to suggest optimum installations or configurations. It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products to install the required components.

All RSA and Keeper Security components must be installed and working prior to the integration.

This section of the guide includes links to the appropriate sections for configuring both sides for each use case.
  

Integration Configuration

RSA Cloud Authentication Service

RSA Authentication Manager

     

RSA Terminology Changes

The following table describes the differences in the terminologies used in the different versions of RSA products and components.  
Previous VersionNew VersionExamples/Comments
Company IDOrganization ID 
AccountCredential 
TokenOTP CredentialSecurID OTP Credential
TokencodeOTP/Access CodeSecurID OTP, SMS OTP, Voice OTP
Emergency Access Code, Disable Access Code
Hardware TokenHardware Authenticator 
Device Serial NumberBinding ID 
DeviceCredential/Authenticator 
Device Registration CodeRegistration Code 
Authenticate AppAuthenticator App 
      

Certification Details

RSA Cloud Authentication Service
Keeper Security
RSA Authentication Manager 8.3, Virtual Appliance
Keeper Security Password Manager & Digital Vault 14.4.4
Keeper Security SSO Connect 14.02
    

Known Issues

No known issues.

Related Articles

Trending Articles

Don't see what you're looking for?