Swap On-Prem MFA/RSA SecurID
Depending on your security requirements, you can swap out an existing RSA SecurID configuration with one for On-Prem MFA, or vice versa.
When swapping out an RSASecurID or On-Prem MFA authenticator, you're prompted to disable the existing authenticator, if it's still enabled.
Configure replacement authenticator
- In the Admin Console, go to .
- In the Add Authenticator dialog, select either RSA SecurID or On-Prem MFA.
When configuring a replacement authenticator, all the configuration, except for the shared secret, is copied forward to the new authenticator.
Configure On-Prem MFA replacement
- Enter the following fields:
- Provider name: This is the name that appears to end users during their login challenge.
- Username format: Select the format expected by the provider.
- Hostname: The server host name or IP address.
- Authentication Port: The RADIUS server port (for example 1812). This is defined when the On-Prem RADIUS server is configured.
- Shared Secret: An authentication key that must be defined when the RADIUS server is configured, and must be the same on both the RADIUS client and server.
- Click Add.
- Click Add New Agent. Note the value of the instance ID. You're also provided with a download link for the On-prem MFA agent installer.
- Activate or Deactivate the authenticator as required.
- Click Save.
Configure RSA SecurID replacement
- Enter the following fields:
- Username format: Select the format expected by the provider.
- Hostname: The server host name or IP address.
- Authentication Port: The RADIUS server port (for example, 1812). This is defined when the On-Prem RADIUS server is configured.
- Shared Secret: An authentication key that must be defined when the RADIUS server is configured, and must be the same on both the RADIUS client and server.
- Click Add New Agent. Note the value of the instance ID. You're also provided a download link for the agent installer.
- Activate or Deactivate as required.
- Click Save.