RSA Cloud Plan Licenses
RSA offered three licenses: Cloud, Cloud Plus, and Cloud Premier.
For information about ID Plus plans, see ID Plus Subscription Plans.
The high-level details are described below:
Authentication Components
The following table shows the authentication software available with each license.
| Cloud | Cloud Plus | Cloud Premier | |
|---|---|---|---|
| Cloud Access Service (CAS) | Included | Included | Included |
Authentication Manager Server Enterprise License: 1 Primary Instance and up to 15 Replica Instances | Included | Included | |
| AM server with AM Bulk Administration (AMBA) | Included | Included |
Note: RSA continues to support existing Authentication Manager Server Base and Enterprise licenses.
SecurID® Federal
RSA offers a FedRAMP-authorized version of the Cloud Plus and the Cloud Premier licenses. SecurID® Federal includes a separate cloud instance reserved for United States Federal Government customers and other authorized agencies.
SecurID® Federal does not support authentication with SMS OTP or Voice OTP.
Authentication Integrations
The following table shows the authentication integrations available with each license.
| Standard Agents | RSA Ready SecurID Agents | RADIUS Agents | SecurID Authentication API | SAML Authentication | Web Proxy (Trusted Headers, Password Vaulting) | |
|---|---|---|---|---|---|---|
| Cloud Premier | Included | Included | Included | Included | Included | Included |
| Cloud Plus | Included | Included | Included | Included | Included | |
| Cloud | SAML-based only | Included |
Authentication Methods
The Cloud, Cloud Plus, and Cloud Premier licenses include the following authentication methods:
Approve (Push) notification through the RSA Authenticator App and wearable devices
One-Time Passcode (OTP) delivered on-demand through the RSA Authenticator App
Integrated SMS OTP and Voice OTP available as an add-on
Passwordless authentication through FIDO2 and Device Biometrics, such as Apple FaceID, Android biometrics and Windows Hello
Secure One-Time Passcodes using RSA hardware and software authenticator
Emergency Access Code
(Cloud Plus and Cloud Premier only) Customized authentication through the Mobile SDK
Deploying AM as the on-premises component of CAS provides failover and ensures high availability, including offline authentication. This deployment is an option for the Cloud Plus license and included in the Cloud Premier license.
Hardware authenticators are sold separately.
Access Components
CAS allows you to use specific attributes in access policy conditional expressions. These expressions are used to determine authentication requirements and who is allowed or denied access to resources. The following table shows which attributes are available with each license.
Cloud | Cloud Plus | Cloud Premier | |
|---|---|---|---|
| My Page Attributes | |||
| Customized SSO portal branding | x | x | |
| Access Policy Attributes | |||
| Identity source attributes (used in rule sets to select target population for policy) | x | x | x |
| IP address (conditional attribute) | x | x | x |
Additional conditional attributes:
| x | x | |
Cloud Premier attributes include all attributes listed above and the following conditional attributes:
| x |
Note: Make sure that your ID Plus Subscription Plan includes Conditional Attributes. Edit the access policy if necessary to avoid authentication failures.
Related Articles
Monitor Uptime Status for Cloud Access Service Number of Views ID Plus Plans - Legacy Number of Views Failing to access Identity Router IDR Web resource after IDR v2.17 update Number of Views Cloud Access Service User System Requirements Number of Views PAM Agent is failing to connect to RSA Servers (Curl error code: 35) Number of Views
Trending Articles
How to recover the Application and AFX after an unexpected database failure in RSA Identity Governance & Lifecycle Troubleshooting AFX Connector issues in RSA Identity Governance & Lifecycle RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Release Notes for RSA Authentication Manager 8.8 RSA Authentication Manager 8.9 Release Notes (January 2026)
