Cloud Access Service Updates
The following subsections outline the new and enhanced features of the Cloud Access Service (CAS).
Credential Recovery Support for Multi-Credential Authenticators
CAS now supports credential recovery for authenticators that store multiple credential types for a single user on the same device. Examples include OTP and FIDO credentials in the RSA Authenticator app, SecurID OTP and FIDO credentials in the DS100, and HOTP and FIDO credentials in the iShield and Yubikeys. If you use supported combinations of FIDO and OTP authenticators, you can now replace your device through Credential Recovery self-service. This enhancement allows you to recover multiple credentials tied to a single device without manual intervention, reducing help desk dependency and associated administrative costs.
Configurable Live Verify Session Time Limit
The Live Verify configuration is now enhanced to allow the session time limit to be set from 5 to 15 minutes, in 1-minute increments, giving users additional time to successfully complete the verification process. The configured time limit applies to sessions initiated from the User Management page and via the API. To configure the time limit, navigate to Cloud Administration Console > My Account > Company Settings > Sessions & Authentication.
User-Initiated Unified Logout for My Page SSO Applications (General Availability)
User-initiated Unified Logout is now supported for My Page SAML and OIDC SSO applications, allowing you to sign out of all active participating Unified Logout application sessions with a single action. CAS centrally manages active sessions, simplifying session management, improving security, and supporting compliance with industry standards.
- To manage session lifetime for My Page, navigate to Cloud Administration Console > Access > My Page, select the Applications tab, and update the settings in the User Sessions section. The Session Duration setting in this section controls the session duration for all SAML and OIDC SSO applications managed by the My Page SSO Session Manager. In SAML, the session timeout is defined by the SessionNotOnOrAfter attribute. In OIDC, the session timeout is defined by the session_expiry claim in the ID token.
- To configure Unified Logout for SAML applications, navigate to Cloud Administration Console > Applications > Applications, select the SAML application, and update the SAML Unified Logout Configuration section on the Connection Profile tab.
- To configure Unified Logout for OIDC applications, navigate to Cloud Administration Console > Applications > Applications, select the OIDC application, and update the Unified Logout Configuration section on the Connection Profile tab.
Note: The My Page session duration centrally controls the session lifetime for both OIDC and SAML applications.
Common User Schema Preparation and Attribute Refresh Updates
CAS now automatically performs a Refresh Attributes action on all existing AD and LDAP identity sources to ensure the user schema (list of user attributes) is available in CAS. When creating a new AD or LDAP identity source, CAS attempts to automatically perform a Refresh Attributes action on the User Attributes tab in Cloud Administration Console > Users > Identity Sources, and the action must succeed before the identity source can be saved. If network, credential, or other issues prevent connection to the identity source, you must go to the Identity Source Details tab and resolve the issue.
Note: CAS will transition to a common user schema (a consistent set of user attributes) in a future release. This update prepares for that change by introducing enhancements to how Active Directory on-premises and LDAP identity sources are configured.
Upcoming End of Primary Support (EOPS) Details
The following table provides details of the RSA products reaching the end of support within the next six months:
| Product | Version | EOPS Date | Extended Support Level 1/Level 2 |
|---|---|---|---|
| MFA Agent for Microsoft Windows | 2.3.1/ 2.3.2 | May 2026 | No |
| Authenticator for iOS & Android | 4.4 | June 2026 | No |
| RSA Authentication Manager | 8.7 SP1 | June 2026 | June 2027/ June 2028 |
Subscribe to status.securid.com for the Cloud Access Service Status Updates
For information about all service incidents and scheduled maintenance windows for the Cloud Access Service, subscribe to https://status.securid.com.
Related Articles
RSA April 2024 Release Announcements Number of Views RSA April 2025 Release Announcements Number of Views RSA March 2026 Release Announcements Number of Views RSA Announces RSA Authentication Agent 1.0.2 for Citrix StoreFront Number of Views RSA February 2026 Release Announcements Number of Views
Trending Articles
Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA-2022-12: RSA Authentication Manager Security Update for Third-Party Component Vulnerabilities Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026)
