Is RSA SecurID suitable for a third-party authentication app for Salesforce 2FA?
I am interested if one can use RSA SecurId as a Third Party Authenticator app with Salesforce for 2FA.
As per https://help.salesforce.com/articleView?id=add_time-based_token.htm&type=5 and https://www.salesforce.com/content/dam/web/en_us/www/documents/white-papers/2fa-admin-rollout-guide.pdf,
'You can use an authenticator app that supports the TOTP algorithm (IETF RFC 6238), such as Salesforce Authenticator for iOS, Salesforce Authenticator for Android, or Google Authenticator.
As per the RSA community link here,
The RSA Authenticate app is a multi-factor authentication option that works in conjunction with the RSA SecurID Access Cloud Authentication Service and provides several options for authentication, including biometrics and FIDO tokens.
Neither of the apps supports TOTP, and the apps cannot be used without their corresponding RSA servers'.
So, that implies that RSA SecurID cannot be used for 2FA with Salesforce? Has anyone had any success with RSA SecurID as 2FA with Salesforce?
Yes, it can be done.
You're thinking that an RSA authenticator (hardware or software token) can be used in a plug-and-play manner similar to Google or Salesforce authenticator. That is not the case. SecurID is fundamentally a different animal, it uses its own protocols and requires RSA server software. The overall solution architecture that involves RSA SecurID and RSA's own software can and does work with Salesforce. How? It depends. Some options are outlined in RSA's whitepaper – identigral
Note: The RSA Authenticator enables users to receive an OTP as an SMS message delivered to their cell phone or via email. Users are sent an OTP to use as a login to their SMS-enabled mobile device.