To configure RSA Adaptive Authentication on the service, you enable RSA Adaptive Authentication; select the adaptive authentication methods to apply, and add the Active Directory connection information and certificate.

RSA Adaptive Authentication correctly configured with the authentication methods to use for secondary authentication.

Details about the SOAP endpoint address and the SOAP user name.

Active Directory configuration information and the Active Directory SSL certificate available.


In the administration console Identity & Access Management tab, select Setup.


On the Connector page, Workers column, select the link for the connector that is being configured.


Click Auth Adapters and then click RSAAAldpAdapter.

You are redirected to the identity manager authentication adapter page.


Click the Edit link next to the RSAAAldpAdapter.


Select the appropriate settings for your environment.


An asterisk indicates a required field. The other fields are optional.




A name is required. The default name is RSAAAldpAdapter. You can change this name.

Enable RSA AA Adapter

Select the check box to enable RSA Adaptive Authentication.

*SOAP Endpoint

Enter the SOAP endpoint address for integration between the RSA Adaptive Authentication adapter and the service.

*SOAP Username

Enter the user name and password that is used to sign SOAP messages.

RSA Domain

Enter the domain address of the Adaptive Authentication server.

Enable OOB Email

Select this check box to enable out-of-band authentication that sends a onetime passcode to the end user via an email message.

Enable OOB SMS

Select this check box to enable out-of-band authentication that sends a onetime passcode to the end user via a SMS text message.

Enable SecurID

Select this check box to enable SecurID. Users are asked to enter their RSA token and passcode.

Enable Secret Question

Select this check box if you are going to use enrollment and challenge questions for authentication.

*Number Enrollment Questions

Enter the number of questions the user will need to setup when they enroll in the Authentication Adapter server.

*Number Challenge Questions

Enter the number of challenge questions users must answer correctly to login.

*Number of authentication attempts allowed

Enter the number of times to display challenge questions to a user trying to log in before authentication fails.

Type of Directory

The only directory supported is Active Directory.

Server Port

Enter the Active Directory port number.

Server Host

Enter the Active Directory host name.


Select this check box if you use SSL for your directory connection. You add the Active Directory SSL certificate in the Directory Certificate field.

Use DNS Service Location

Select this check box if DNS service location is used for directory connection.

Base DN

Enter the DN from which to start account searches. For example, OU=myUnit,DC=myCorp,DC=com.

Bind DN

Enter the account that can search for users. For example , CN=binduser,OU=myUnit,DC=myCorp,DC=com

Bind Password

Enter the password for the Bind DN account.

Search Attribute

Enter the account attribute that contains the username.

Directory certificate

To establish secure SSL connections, add the directory server certificate to the text box. In the case of multiple servers, add the root certificate of the certificate authority.


Click Save.

Add the RSA Adaptive Authentication auth method to the default access policy. Go to the Identity & Access Management > Manage > Policies page and edit the default policy rules to add Adaptive Authentication. See Apply Authentication Methods to Policy Rules.