Certified: March 04, 2026
Solution Summary
This section describes Salesforce integration with RSA ID Plus. Use this information to determine which use case and integration type your deployment will employ.
Use Case
Salesforce can be integrated with RSA using SSO, Relying Party, and as a SCIM server. When integrated, users must authenticate with RSA to sign in to Salesforce.
Integration Types
SSO integrations use SAML 2.0 or HFED technologies to direct users’ web browsers to Cloud Access Service (CAS) for authentication. SSO provides Single Sign-On using the IDR My Applications/My Page Portal. My Page SSO provides Single-Sign-On (SSO) to Salesforce users leveraging RSA self-service portal, My Page. Both SP-initiated SSO and IdP-initiated SSO are supported. Modern Cloud-hosted SSO with My Page replaces the existing SAML SSO support with the IDR. Existing SSO integrations using IDR My Applications continue to be supported and are listed in this document as applicable.
Note: RSA will continue to maintain existing SAML SSO integrations using IDR My Applications. At a to-be-determined future date, RSA will announce the end-of-life (EOL) date for the SAML SSO support with the IDR. For more information, see Available Now: My Page SSO Enhancements.
Relying Party integration allows Salesforce users’ web browsers to be automatically redirected to CAS for authentication. With Relying Party integration, Cloud Authentication Service can manage either additional authentication only or both primary authentication (for example, user ID and password) and additional authentication, depending on the service provider's capability.
SCIM integration allows the administrators of CAS and end users who exist in the CAS Unified Directory to be provisioned in Salesforce. End users can request access to an application in the My Page portal and gain access to the external application, depending on the approver type configured in RSA. Users can also check the status of their submitted requests from My Requests in the My Page portal.
Supported Features
This section shows all the supported features by integration type and by RSA components. Use this information to determine which integration type and which RSA component your deployment will use. The next section in this guide contains the instruction steps for how to integrate RSA with Salesforce using each integration type.
Salesforce Integration with CAS
| Authentication Methods | RSA MFA API (REST) | RADIUS | Relying Party | SSO |
| Approve | - | - | ||
| LDAP Password | - | - | ||
| SecurID OTP | - | - | ||
| Authenticate OTP | - | - | ||
| Device Biometrics | - | - | ||
| SMS OTP | - | - | ||
| Voice OTP | - | - | ||
| FIDO Security Key | - | - | ||
| QR Code | - | - | ||
| Emergency Access Code | - | - |
Salesforce Integration with RSA Authentication Manager (AM)
| Authentication Methods | RSA MFA API (REST) | RADIUS | Authentication Agent |
|---|---|---|---|
| RSA SecurID | - | - | - |
| On Demand Authentication | - | - | - |
| Risk-Based Authentication | - | - | - |
| Supported | |
| - | Not supported |
| n/t | Not yet tested or documented, but may be possible |
| n/a | Not applicable |
Configuration Summary
This section contains instruction steps that show how to integrate Salesforce with RSA using all of the integration types.
This document is not intended to suggest optimum installations or configurations. It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products to install the required components.
All RSA and Salesforce components must be installed and working prior to the integration.
This section of the guide includes links to the appropriate sections for configuring both sides for each use case.
Integration Configuration
CAS
-
Salesforce - SAML My Page SSO Configuration - RSA Ready Implementation Guide
- Salesforce - SAML Relying Party Configuration - RSA Ready Implementation Guide
- Salesforce - SAML IDR SSO Configuration RSA Ready Implementation Guide
- Salesforce - My Page SSO Configuration Using OIDC - RSA Ready Implementation Guide
- Salesforce - Relying Party Configuration Using OIDC - RSA Ready Implementation Guide
- Salesforce - SCIM Configuration - RSA Ready Implementation Guide
RSA Terminology Changes
The following table describes the differences in the terminologies used in the different versions of RSA products and components.
| Previous Version | New Version | Examples/Comments |
| Cloud Authentication Service | Cloud Access Service | |
| Token | OTP Credential | SecurID OTP Credential |
| Authenticator | Hardware Authenticator | |
| Tokencode | OTP | SecurID OTP, SMS OTP, Voice OTP |
| Access Code | Emergency Access Code | |
| SecurID Authenticate app | RSA Authenticator app | RSA Authenticator app for iOS and Android, RSA Authenticator app for Windows |
| Device | Authenticator | Register an authenticator |
| Company ID | Organization ID | |
| Account | Credential | |
| Device Serial Number | Binding ID |
Known Issues
No known issues.
Certification Details
CAS
Salesforce Security Intelligence Platform
