RSA Authentication Agents
Authentication agents are software applications that securely pass user authentication requests to and from RSA Authentication Manager. Authentication agents are installed on each machine, such as a domain server, web server, or a personal computer, that you protect with AM.
For example, agent software residing on a web server intercepts all user requests for access to protected web pages. When a user attempts to access a protected URL, the agent requests the User ID and passcode and passes the User ID and passcode to the AM for authentication. If the authentication is successful, the user is granted access to protected web pages.
Different types of authentication agents protect different types of resources. For example, to protect an Apache Web server, you need the current version of RSA Authentication Agent for Web for Apache.
Note: Risk-based authentication (RBA) only works with web-based authentication agents that use the UDP.
Some authentication agents include support for the REST protocol. The following table compares the authentication agents that use the REST protocol to other authentication agents.
REST Protocol Authentication Agents | Other Authentication Agents |
| To use the authentication agent, you must have configured the REST service in Authentication Manager. You can then add the authentication agent. For more information, see Configure the RSA SecurID Authentication API for Authentication Agents. | To deploy an authentication agent that uses the UDP, you must generate the RSA Authentication Manager configuration file , sdconf.rec, and copy it to each machine on which the agent is installed. You must also add an agent record for each installed agent. For more information, see Deploying an Authentication Agent that Uses the UDP. |
One authentication agent record in AM can represent more than one installed agent. For example, you can install and configure the RSA Authentication Agent 8.0 for PAM on hundreds of servers, and then add the PAM agent one time in AM. In this example, you can edit one authentication agent record to configure multiple installed agents. | Each installed agent has an authentication agent record in AM. If you install one hundred agents, then you need to add one hundred authentication agent records. |
A logical name can be used to identify authentication agent records, and a fully qualified hostname or IP address is not required. More than one installed agent can share the same logical name, and each agent might have a different hostname and IP address. More than one agent can be installed on the same machine with a shared hostname and IP address, but these agents can either share the same logical name or use different logical names. | In AM, the authentication agents are identified with their hostname and IP address. Two agents are installed on the same machine would share the same authentication agent record in AM. |
AM agent reporting can provide additional details, such as information about the machine on which each authentication agent is installed, how many installed agents exist for each authentication agent record, and a unique identifier for each installed agent. Some REST protocol agents require additional configuration steps to send agent details to AM. | AM can report some details on the agent, such as the security domain, IP address, and the last authentication date and time. The agent does not provide AM with information such as the installed agent count, version number, or platform. AM agent reporting displays a 0 for the installed agent count parameter and dashes for the other information. |
| A unique identifier is provided for each installed agent. An agent might have one record in AM, but the agent can be installed on multiple machines with a unique identifier for each installation. | If only one authentication agent is installed on a machine, then the hostname or IP address identifies the agent. |
Instead of a node secret, Transport Layer Security (TLS) is used to protect the channel. The authentication agent must be configured with the internal, trusted CA certificate of the deployment. | Node secrets are required for agents that use the UDP. The node secret is a shared secret known only to the authentication agent and AM. Authentication agents use the node secret to encrypt authentication requests that they send to AM. AM automatically creates and sends the node secret to the agent in response to the first successful authentication on the agent. |
You can use a Security Console wizard to directly connect RSA Authentication Manager and Cloud Authentication Service (CAS). After you establish this connection, REST protocol authentication agents allow users to authenticate to the cloud with any form of multifactor authentication that is supported by the Cloud Authentication Service. | After you use a Security Console wizard to directly connect between AM and the Cloud Authentication Service, users can authenticate with Approve, Device Biometrics, or Authenticate Tokencode. |
Obtaining RSA Authentication Agents
RSA authentication agent software is available on the Downloads page.
You may also purchase products that contain embedded RSA authentication agent software. The software is embedded in a number of products, such as remote access servers, firewalls, and web servers. For more information, go to the RSA Ready Partner website at https://community.rsa.com/s/product-integration/Product_Integration__c/00B4u0000099iUMEAY.
On the RSA Ready Partner website, locate the RSA Implementation Guide for AM for your agent. Save it to your desktop or a local drive that you can access during the integration process.
Note: Only certified partner solutions have an implementation guide. For other agents that are certified as RSA Ready, you can create a custom implementation.
Related Articles
RSA SecurID Authentication API for Authentication Agents Number of Views IPv4/IPv6 Authentication Agents Number of Views Disable RSA SecurID Authentication API Number of Views Generate an HMAC for Authentication Agents Number of Views Configure the RSA SecurID Authentication API for Authentication Agents Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.9 Release Notes (January 2026) An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide
