Publishing Changes to the Identity Router and Cloud Access Service
a month ago

When you use the Cloud Administration Console to modify configuration settings such as identity providers, identity sources, application connections, access policies, and user portal pages, the changes take effect after you publish them to the identity routers and the Cloud Access Service (CAS). Publish the configuration changes when you want to apply the new settings to your deployment. You can also publish changes to CAS without a registered identity router (IDR). For information, see Publishing Changes to Cloud Access Service Without an Identity Router.

When any administrator publishes changes, all pending changes are published, regardless of which administrator modified the configuration settings. Changes are published to all identity routers and clusters in your deployment simultaneously, as well as to CAS. The banner at the top of the Cloud Administration Console changes color and displays a status message when publishing is complete.

Moreover, the Publish Changes button will publish changes only to CAS when there are no changes to an IDR, and this will significantly reduce the publishing time. For instance, when you edit My Page customization settings, the changes will be published only to CAS.

Publish Status

While most settings in the Cloud Administration Console must be published, changes to console-specific settings, such as passwords, domains, and some types of account names and sign-in sessions, take effect immediately. The Status field at the top of the Cloud Administration Console indicates when pending changes require publishing. The following table describes the Status field values.

| Status | Definition |
| --- | --- |
| No Changes | No administrators have made any changes that require publishing yet. |
| Changes Pending | Settings modified by an administrator are not synchronized with the identity routers or CAS. These changes require publishing. |
| Publishing | Publish is in progress. |
| Partial Success | Changes were successfully published to CAS, but could not be published to the identity routers. Or: Changes were successfully published to the identity routers, but could not be published to CAS. |
| Failure | Changes failed to publish to the identity routers and CAS. |
| Success | All settings are synchronized with the identity routers and CAS. |
| Disabled | Single sign-on (SSO) is enabled and the domain is not set. |

When to Publish

Configuration changes require some identity router services to restart or reload. Users might experience a brief performance impact or service unavailability if they attempt to authenticate or load web pages from the identity router during publication. For this reason, RSA recommends that you publish configuration changes during off-peak hours.

Configuring Global Server Load Balancers

Global Server Load Balancers (GSLBs) might receive service unavailable status (HTTP status code 503) for up to seven minutes. If you use GSLBs, configure them to wait for this duration before they switch to another cluster.
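The following added example (not RSA code or a vendor configuration) models the failover decision a GSLB health monitor should make so that a publish does not trigger a needless cluster switch. The 30-second probe interval, the health rule, and the three-strike limit for timeouts are assumptions; only the seven-minute 503 window comes from this page.

```python
from typing import Iterable, List, Optional, Tuple

PUBLISH_GRACE_SECONDS = 7 * 60  # page: 503 may last up to seven minutes

# (seconds since monitoring began, HTTP status or None for a timeout)
Probe = Tuple[int, Optional[int]]


def is_healthy(status: Optional[int]) -> bool:
    """Assumed health rule: any 2xx or 3xx answer counts as healthy."""
    return status is not None and 200 <= status < 400


def failover_time(probes: Iterable[Probe],
                  grace: int = PUBLISH_GRACE_SECONDS,
                  hard_fail_limit: int = 3) -> Optional[int]:
    """Return the probe time at which to switch clusters, or None.

    An unhealthy streak is tolerated until it has lasted longer than
    `grace`. Timeouts and non-503 errors (assumed not to be caused by a
    publish) trigger failover after `hard_fail_limit` consecutive probes.
    """
    outage_start = None  # time of the first unhealthy probe in the streak
    hard_streak = 0      # consecutive failures that are not HTTP 503
    for ts, status in probes:
        if is_healthy(status):
            outage_start, hard_streak = None, 0
            continue
        if outage_start is None:
            outage_start = ts
        hard_streak = 0 if status == 503 else hard_streak + 1
        if hard_streak >= hard_fail_limit or ts - outage_start > grace:
            return ts
    return None


def make_probes(statuses: List[Optional[int]], interval: int = 30) -> List[Probe]:
    """Build a constructed probe series, one result every `interval` seconds."""
    return [(i * interval, s) for i, s in enumerate(statuses)]


# Constructed sample data, not captured from a real deployment.
PUBLISH = make_probes([200, 200] + [503] * 10 + [200])   # 503 for about 5 minutes
STUCK = make_probes([200, 200] + [503] * 20)             # 503 never clears
DOWN = make_probes([200, 200, None, None, None, None])   # cluster unreachable
```

With the default grace period, `PUBLISH` never fails over, `STUCK` fails over once the 503 streak exceeds seven minutes, and `DOWN` fails over on the third timeout. Lowering `grace` to 60 seconds shows the unwanted switch during a normal publish.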

Viewing Pending Changes Before Publishing

Before publishing your changes, you can view all pending changes. In the Cloud Administration Console, you can track the pending changes that you and other administrators make to CAS. You can get an overview of who changed what and when for the last 90 days.

To track the pending changes, in the Cloud Administration Console, click the Status drop-down arrow at the top right corner, and then click More Details. The Pending Publish Changes table lists all pending changes to be published and their details.

Publishing Overview

After you publish changes to CAS, you can view the publishing status of CAS and the identity routers.

To view the publishing status, in the Cloud Administration Console, click the Status drop-down arrow at the top right corner, and then click More Details.

The Publish Overview section provides an overview of the last publishing date, the overall publishing status, the status of CAS and the identity routers, and the number of identity routers where changes were successful. If there is a registered identity router, you can track its publish status and platform.

The Publish Changes (Force publish to all IDRs) button enables you to publish changes to CAS and all registered identity routers, so you can republish the current configuration settings to each IDR or resolve an IDR issue.