REMINDER: Mandatory Time-Bound Upgrade Required for RSA Authentication Manager and RSA Authenticate App/RSA Authenticator App for iOS and Android, When Connected to Cloud Access Service
8 months ago
Severity
Critical

This is a reminder of the information initially communicated in May 2025: https://community.rsa.com/s/article/Mandatory-Migration-Upgrade-Required-for-RSA-Authentication-Manager-Authenticate-App-Authenticator-App 

   

Introduction

In 2024, Google announced its plan to discontinue support for Entrust Certificate Authority (CA) in Google Services (such as Chrome, one of the most used Web Browsers) by October 2025 (Reference: Google Online Security Blog: Sustaining Digital Certificate Security - Entrust Certificate Distrust). RSA used Entrust CA in RSA Cloud Access Service (formerly known as RSA Cloud Authentication Service), and in applications such as RSA Authentication Manager, RSA Authenticate app, and RSA Authenticator app. RSA is therefore moving to a new CA, which is already included in the latest versions of RSA Authentication Manager and RSA Authenticator app. This will require RSA clients to make sure they have completed the actions listed below before week/c Monday 6th October 2025.   Failure to complete these upgrades by that deadline will cause critical failures in most authentication flows.

   

Affected Products

  • RSA Authentication Manager, all versions supporting hybrid use cases connected to RSA Cloud Access Service
    • Authentication Manager not connected to Cloud Access Service is not impacted, but it is always a good practice for organizations to upgrade to the latest version of Authentication Manager to benefit from new features and security updates.
  • RSA Authenticate app for iOS and Android, all versions
  • RSA Authenticator app for iOS and Android, all versions prior to V4.5, when authenticating with cloud-based (RSA Cloud Access) credentials
    • Users authenticating only with on-prem (Authentication Manager) based credentials are not impacted, but it is always a good practice for users to upgrade to the latest version of authentication applications to benefit from new features, security updates, and the latest OS qualifications.
  • RSA Prime, when connected to Cloud Access Service
  • PAM and Web Apache Agents when connected to Cloud Access Service

Other RSA products are not affected.

  

Required Actions

To be completed before week/c Monday 6th October 2025:

 

  • RSA Authentication Manager used with RSA Cloud Access in Hybrid/High Availability Mode
    RSA Authentication Manager 8.8:     No action required. AM 8.8, which was released in April 2025, includes the required new certificates.
    RSA Authentication Manager 8.7 SP2: Install AM 8.7 SP2 Patch 6, which includes the required new certificates.
    RSA Authentication Manager 8.7 SP1: Install AM 8.7 SP1 Patch 3 Hotfix 2. For more details, see Authentication Manager 8.7 SP1 Patch 3 Hotfix 2 Read Me.
    RSA Authentication Manager 8.7: Install AM 8.7 Patch 4 Hotfix 2. For more details, see Authentication Manager 8.7 Patch 4 Hotfix 2 Read Me.
    RSA Authentication Manager 8.6: Install AM 8.6 Patch 4 Hotfix 2. For more details, see Authentication Manager 8.6 Patch 4 Hotfix 2 Read Me.

    Customers using an older/no longer supported version of Authentication Manager in Hybrid/High Availability Mode with Cloud Access Service must upgrade to any of the supported versions listed above.

  • RSA Authenticate app for iOS and Android
    All RSA Authenticate app for iOS and Android users must migrate to the latest RSA Authenticator app for iOS and Android. For further information, refer to the following advisory, published on March 27, 2025: Time is Running Out – Users Must Migrate from the Legacy RSA Authenticate App to the Supported RSA Authenticator App by October 2025.

  • RSA Authenticator app for iOS and Android versions earlier than 4.5 with RSA Cloud Access Service
    RSA Authenticator app for iOS and Android prior to V4.5 and authenticating with RSA Cloud Access Service must be upgraded to at least RSA Authenticator app V4.5. On upgrade, all credentials will be migrated seamlessly. Starting from the May 2025 RSA Cloud Access Service release, every time a user authenticates with RSA Cloud Access Service to access a web-based resource using the RSA Authenticator app for iOS and Android with a version earlier than 4.5, they will be presented with the following prompt.

    Note: The prompt will appear when a user looks to authenticate with a web-based resource, such as Salesforce. It will not appear when a user looks to authenticate with an RSA Agent, such as the RSA MFA Agent for Windows or RSA Agent for macOS. Users authenticating with RSA Agents will have to be reminded separately by their organizations of the need to upgrade.
Announcement

Related Articles

Trending Articles

Don't see what you're looking for?