RSA AM License Support

Use of RSA Authentication Manager is licensed and depends on the RSA licensing packages used. For more information, refer to your detailed commercial agreement with RSA.

License Requirements

AM has the following license requirements:

• For RSA Authentication Manager 8.0 or later, you cannot use a version 6.1 or version 7.1 license.
• If version 8.2 Patch 3 is applied or if you have version 8.2 Service Pack 1 (SP1) or later, any version 8.0 or later license can be used.
• If you have version 8.2 Patch 2 or earlier, you cannot use a later license. Instead, you must apply a version 8.2 license, a version 8.1 license, a version 8.0 license, or any combination of these licenses.

Counting Users Against the License Limit

You can add users to your existing license. Each user counts one time for licensing purposes, regardless of how many authenticators are assigned in AM:

• In AM, users who are assigned one or more authenticators count against the license limit. Users without authenticators do not count against the limit. Authenticators include hardware tokens, software tokens, on-demand authentication (ODA), risk-based authentication (RBA), or a fixed passcode.

• Users who are assigned authenticators that are managed in Cloud Authentication Service (CAS) do not count against the AM license. Authenticators include the SecurID Authenticator app, hardware tokens that are managed in Cloud Authentication Service, and Emergency Tokencode.

• The AM license count does not increase when users authenticate to Cloud Authentication Service with the High Availability Tokencode feature or through AM configured as a secure proxy server.

Users continue to increase the license count when they exist in an identity source, even if all of their authenticators are unassigned in AM. Deleting these users updates the license.

If a user only has a fixed passcode, unassigning the passcode releases the license. Allowing the fixed passcode to expire does not release the license.

The upgrade from AM 8.7 SP2 to AM 8.8 releases the licenses for any users with Cloud-only authenticators. Transferring the ownership of hardware tokens to Cloud Authentication Service releases the licenses.

Authenticate Tokencode Users in Authentication Manager

When AM users successfully authenticate with the Authenticate Tokencode, Approve authentication, or Device Biometrics authentication, their user records are assigned the Authenticate app as a token. The Authenticate app does not affect the license count for users who already have an assigned authenticator in AM. The Authenticate app increases the license count by one for users who do not have an assigned authenticator in AM.

Supported Authentication Methods

AM deployments can support additional authentication methods through Cloud Authentication Service. The ID Plus Subscription Plans include support for AM and Cloud Authentication Service.

A license can enable the following optional AM features for a specific number of users:

• On-demand authentication (ODA)
• Risk-based authentication (RBA)

It is important to know:

• You can install multiple licenses.
• The Account ID must be the same for all licenses.
• The License ID (or Stack ID), must be unique for each license. You cannot install the same license twice.
• The Security Console displays warning messages when you exceed 85, 95, and 100 percent of the user limit.
• The system updates the user counts every hour and each time that a administrator views the license status in the Security Console.

RSA provides the license files separately from your RSA Authentication Manager download kit. Make sure that you know the location of the license file before running the primary appliance Quick Setup. The license file must be accessible to the browser that is used to run the primary appliance Quick Setup. Do not unzip the license file.