Start with Identity
IAM Platform

RSA

Founded 1982Bedford, MA, USAPrivate (Symphony Technology Group)Score 3.9/5Evaluated 2026-06-19Website ↗

Capability scores

Methodology →
Authentication
4.5
SSO & Federation
3.5
Authorization
3.0
Lifecycle & Provisioning
4.0
MFA & Passwordless
4.5
Governance & Audit
4.0
Developer Experience
2.5
Deployment Flexibility
4.0
Pricing Transparency
2.5
Support & Ecosystem
4.0

Scored 0–5 against a published rubric. Independent analysis, no vendor sponsorship.

Overview

RSA is the historical brand of two-factor authentication, best known for the SecurID hard token. After being carved out of Dell and sold to Symphony Technology Group, RSA operates as an independent identity vendor. The current portfolio spans SecurID for MFA, the ID Plus cloud service for unified access, and Governance & Lifecycle for IGA. It is a legacy brand with genuine relevance in federal and heavily regulated environments, less so for cloud-native teams.

What it is good at

The strongest fit is regulated and government identity. RSA carries FedRAMP authorization, deep experience with phishing-resistant and hardware-token MFA, and a governance and lifecycle module mature enough for access certifications and compliance reporting. For organizations where policy still mandates hard tokens or where federal accreditation is non-negotiable, RSA's pedigree and certifications carry real weight.

Where it falls short

The developer experience and modern cloud ergonomics trail the leaders. The portfolio's MFA, access, and governance pieces reflect different lineages and do not always feel like one platform, and the brand's history (including the 2011 SecurID seed breach) is part of its story. Cloud-first teams expecting an API-led, self-serve experience will find it dated.

Pricing

Quote-based and sales-led, with per-user and per-token models common. Hardware tokens add cost. Model the full picture, including hardware, with our TCO calculator.

Best for, and who should look elsewhere

Choose RSA for federal and regulated environments with FedRAMP requirements or hard-token mandates, and where mature IGA is needed. Look elsewhere if you are cloud-native and want modern developer experience, where Okta, Microsoft Entra, or Ping Identity will fit better.

Bottom line

A trusted choice for federal and regulated buyers with strong-MFA and governance mandates, and a poor fit for teams wanting a modern, API-first platform.

More IAM Platform vendors

All IAM Platform

By SWI Community Team · Last evaluated 2026-06-19

Independent, community-driven analysis. No vendor sponsorship. Compiled from public research and community input and verified on a best-effort basis, so details may be incomplete or out of date. Scores are opinions, not advice. Trademarks belong to their owners; mention does not imply affiliation or endorsement. See the full disclaimer, or send corrections to [email protected].