← Identity & Access ManagementRSA SecurID Access

AdequateAdequateAdequateAdequate

4.1

Vendors › Identity & Access Management › RSA SecurID Access

RSA SecurID Access

Name: RSA SecurID Access
Rating: 4.1 (480 reviews)
Author: RSA Security

RSA Security

Founded 1982·US·PE-backed

4.1

Combined score

4.0180

Gartner

4.2220

⚠

Security incident on record — 2011 breach — SecurID seed records compromised; significant historical incident though remediated

▪ Editorial verdict

RSA SecurID has a 30-year heritage in enterprise authentication and the hardware token is still the gold standard physical MFA factor in government and defence environments where FIDO2 is not yet universally supported. The RADIUS and VPN integration depth for legacy infrastructure remains the strongest in the market.

The honest assessment is that RSA SecurID is a legacy authentication platform that has not kept pace with modern IAM capabilities. The 2011 breach where seed records were compromised remains in buyers' institutional memory. The STG PE ownership since 2020 has not accelerated the platform modernisation that would make RSA SecurID a compelling choice for new deployments.

The verdict: RSA SecurID is right for government and defence organisations that have existing RSA deployments and require legacy infrastructure support. New deployments should evaluate Cisco Duo, Microsoft Entra MFA, or Yubico YubiKey for stronger modern authentication with better vendor momentum.

Last reviewed: May 2026

4.0180 reviews

Gartner

4.2220 reviews

PeerSpot

7.880 reviews

Gartner MQ: Challenger

Identity & Access Management assessment

PROTECTIONAdequate

Authentication strength

4 / 5

30+ years of MFA heritage — RSA SecurID hardware tokens remain mandatory in many regulated environments. Scored 4 because hardware tokens are proven but phishing-resistant FIDO2/passkeys are a newer addition still maturing.

Sources: RSA documentation, CISA MFA guidance

Authorisation depth

3 / 5

Scored 3 because RSA is primarily an authentication platform — fine-grained authorisation management requires a separate IdP.

Sources: RSA documentation

OPERATIONSAdequate

Lifecycle management

2 / 5

Scored 2 because RSA SecurID Access focuses on authentication, not identity lifecycle management. User provisioning requires integration with directory services.

Sources: RSA documentation

Integration coverage

3 / 5

RADIUS, LDAP, Cisco VPN, Juniper, Palo Alto. Scored 3 because integration is strong for traditional network access but narrower for modern SaaS and cloud.

Sources: RSA integration documentation

ANALYTICSAdequate

Audit & compliance reporting

3 / 5

Scored 3 because audit reporting depth is adequate but not leading-edge. Compliance tooling for access certification is outside core scope.

Sources: RSA documentation

TRUST & ECOSYSTEMAdequate

Scale & reliability

3 / 5

Proven at government and defence scale for decades. Scored 3 because the legacy architecture limits cloud-native reliability and modern DevOps deployment patterns.

Sources: RSA documentation, government references

Strongest: Authentication strength

Watch out for: Lifecycle management

Strengths & limitations

Strengths

●30+ years of MFA heritage — trusted in government and financial services

●Hardware token option — RSA SecurID hardware still widely deployed

●Strong on-premises deployment for air-gapped environments

Watch out for

●2011 RSA breach still cited in industry discussions on trust

●Legacy architecture — less cloud-native than Okta or Microsoft Entra

●UI dated compared to modern IAM platforms

Best for

Government agencies, defence contractors, and financial institutions with existing RSA deployments or strict on-premises/air-gapped requirements.

Not suitable for: Cloud-native orgs — legacy architecture poorly suited to modern SaaS environments

Compliance coverage

●Essential Eight

●SOC 2

●HIPAA

●NIST CSF

●PCI-DSS

●CMMC

●GDPR

●ISO 27001

○AU Privacy Act

○NIS2

○DORA

○CIS Benchmarks

Switching intelligence

Switching from

Common migration paths based on review data

Hardware OTP tokens (obsolete)
Older RADIUS-based MFA

Also considering

Vendors typically shortlisted alongside

← Back to Identity & Access Management Compare with other Identity & Access Management vendors →

Quick facts

Pricing modelper user/year subscription or token

Pricing rangeCustom — typically $15-30/user/year

Free trialNo

Min seats500

Deployment time2-8 weeks

Complexity3 / 5

Pricing transparency2 / 5

AU presenceNo

IRAP assessedNo

Open sourceProprietary

Deployment

ModelsSaaS, On-premises

OS supportWindows, macOS, Linux, iOS, Android

CloudAWS, Azure

Support24/7 Phone, Email, Dedicated CSM

Data residencyUS, EU, Self-hosted

Company

RSA Security

Founded 1982 · 1,000-2,000 employees · PE-backed

HQ: US

$200M+ ARR est.

Certifications

FedRAMP, FIPS 140-2, SOC 2 Type II, ISO 27001, Common Criteria

Integrations

Active DirectoryRADIUSLDAPCisco VPNJuniperPalo AltoSAPOracleServiceNow+ 1 more