RSA Authentication Manager

The CPM supports centralized management of RSA Authentication Manager accounts, which verifies authentication requests and centrally administers authentication policies for organizations’ end users.

Supported platforms

The CPM supports remote password management for RSA SecurID accounts on the following platforms:

RSA Authentication Manager 8.1, 8.2


The RSA Authentication Manager certificate must be installed on the CPM machine.
This plugin requires .NET Framework 4.8. If you are using an older version of the CPM, .NET Framework 4.8 must be installed on the CPM machine as well.


In the Privilege Cloud Portal Platform Management page, make sure that the following target account platform is displayed:

RSA Authentication Management

Connection methods

This plugin supports the following connection methods to connect to the remote machine:


Password management features

The CPM can change, verify, and reconcile RSA Authentication Manager passwords on remote machines. If a password is invalid, the CPM can generate a new password and replace the invalid password on the remote machine and its corresponding password in the Password Vault. The parameters that define these tasks are in the platform. A reconciliation account password can be specified either at platform level or at account level.

RSA SecurID users

This plugin manages the following RSA SecurID users:

Operating System user

This is a user in the RSA Authentication Manager operating system. It is managed by the Unix SSH platform and must be used as a logon account for an Operations Console user. This user can change its own password, even if it is not defined as an admin role in the RSA Authentication Manager. However, it must be able to do the following:

Permit login to the RSA authentication manager using SSH protocol.
To reconcile accounts, the reconciliation account must be listed in the Unix Server sudoers file.

Security Console user

This user is managed by the RSA Authentication Management platform and can be used to log onto the RSA Authentication Manager by its own user and by the Operations Console user.

Operations Console user

This user is managed by the RSA Authentication Management platform.