RSA August 2025 Release Announcements
6 months ago

August 2025 - Cloud Access Service

 

Critical Notices

The following urgent notices relate to mandatory upgrades and important changes within the RSA environment. Immediate action is required to prevent potential service disruptions.

 

Mandatory Upgrade Required by October 6, 2025

Following Google's decision to stop recognizing Entrust as a trusted Certificate Authority (CA), RSA must transition to an alternative CA beginning the week of October 06, 2025. To ensure continued functionality, you must update or upgrade the necessary on-premises RSA components prior to this date. Failure to complete the required updates may result in significant service disruptions.

Refer to the following advisories for details on upgrading the components:

 

Infinispan Upgrade in Identity Router (IDR) 12.23.0.0.X Requires Cluster-Wide Version Consistency

Note: This upgrade applies to proxied applications on the IDR SSO Portal that store your credentials. 

The upcoming Identity Router (IDR) 12.23.0.0.X release, as outlined in the Identity Router Update Schedule and Versions table, includes a critical Infinispan upgrade. During the upgrade process, if IDRs within a cluster are running different versions, they will continue to serve requests; however, keychain synchronization may be temporarily impacted. These functions will automatically resume once all IDRs in the cluster have been upgraded to the same version. Before performing an in-place upgrade, RSA strongly recommends creating a snapshot of the virtual machine for VMware and Hyper-V-based routers, or of the storage volume for AWS-based routers to ensure recovery options are available if needed. 

Notes: 

  • All IDRs in a cluster must run the same version to prevent replication disruptions.

  • If you plan to add a new IDR using the 12.23.0.0.X template while other IDRs in the cluster are still on 12.22.0.0.X, you must first upgrade all existing IDRs to version 12.23.0.0.X before introducing the new node.

  • Backup files created with earlier versions will not be restorable after upgrading to 12.23.0.0.X.

  • RSA strongly recommends creating new backups immediately after completing the upgrade.

  • Keychain replication does not apply to Embedded IDRs, as they do not support the IDR SSO Portal. Therefore, this update does not apply to AM Embedded IDRs.

  • Backups apply specifically to the HTTP Federation (Fed) application in the IDR SSO Portal.

This action is essential to maintain cluster stability, ensure successful replication, and avoid potential service issues.

 

Identity Router Update Schedule and Versions

Identity routers will be updated according to the following schedule. Downloading the new identity router image when you deploy new identity routers ensures that you benefit from the latest security improvements.

DateDescription

 

EU/ ANZ/ JP/ CA/ GS:  September 2, 2025

US/ FedRamp Gov/ IN: September 3, 2025

Updated identity router software is available to all customers.
Default: Saturday, October 25, 2025 Default date when identity routers are scheduled to automatically update to the new version unless you modify the update schedule or update manually.
Last: Saturday, November 15, 2025

If you postponed the default date, this is the last day when updates can be performed.

 

Use of Company-Specific URLs Required

As a follow-up to the November 2024 Release Announcement, non-company-specific URLs will soon be removed. Please update the affected service URLs immediately. For more information, see transition guide here: Company-Specific Administrative URLs Update Instructions. Administrators must use their designated company-specific URLs for all access, including API interactions, AM configurations, SCIM configurations, or redirected URLs from identity providers (IdPs).The access through the non-company specific URL is not yet blocked. It will be blocked potentially resulting in a loss of functionality (for example, https://access.securid.com or https://na2.access.securid.com ). To ensure uninterrupted access, administrators should promptly verify that all connectivity is routed through the appropriate company-specific URLs and update their configurations as needed. If your Identity Router (IDR) software version is earlier than 12.22.0.0.32, you must upgrade your IDR to 12.22.0.0.32 or later to avoid any disruptions when non-company-specific URLs are deprecated.  

Starting with the June release, a banner warning appears for 24 hours whenever a non-company-specific URL is used for the following:

  • Log in to the Admin Console via password or third-party IDP.
  • Access the Admin REST APIs.

In addition, an audit event is logged once per day whenever a non-company-specific URL is used for third-party IDP login and Admin API access. You can view this event in the Admin Event Viewer.

 

Subscribe to status.securid.com for the Cloud Access Service Status Updates

For information about all service incidents and scheduled maintenance windows for the Cloud Authentication Service, subscribe to https://status.securid.com.

 

Cloud Access Service Updates

The following subsections outline the new and enhanced features of the Cloud Access Service (CAS).

 

Improved Support for SAML Certificate Rotation

You can now load up to two SAML signing certificates per application in CAS, ensuring seamless transitions when certificates expire. CAS automatically switches to the other certificate, maintaining secure and uninterrupted access for your applications. Managing certificates is now easier through the Cloud Administration Console, where you can view, import, and update them. This feature is available for both My Page SSO and Relying Party applications. 

  • To use this feature for an SSO application, navigate to Cloud Administration Console > Applications Application Catalog My Applications, select a SAML application, and on the Connection Profile page, upload certificate from the  Message Protection section.
  • To use this feature for a Relying Party application, navigate to Cloud Administration Console > Authentication Clients Relying Parties, select an application, and on the Connection Profile page, upload certificate from the  Message Protection section.

 

Copy SAML Metadata URL

You can now copy the SAML metadata URL directly from your configured applications, making it faster to share metadata with services that require a direct URL instead of uploading files. This enhancement simplifies your SAML setup process and saves time. This feature is available for both My Page SSO and Relying Party applications. 

  • To access this feature for an SSO application, go to Cloud Administration Console > Applications > My Applications, select a configured SAML SSO application, and from the dropdown, select Copy Metadata URL.
  • To access this feature for a Relying Party application, navigate to Cloud Administration Console > Authentication Clients Relying Parties, select a configured SAML Relying Party application, and from the dropdown, select Copy Metadata URL.

 

RSA SDK for iOS and Android Patch Release - Now Available

 
RSA SDK version 4.0.7 for iOS and version 4.0.3 for Android are now available for download on the RSA Community.
   
This patch includes the following enhancements:

    • Updated certificates (required for secure communication with Cloud Access Service from the week commencing October 06, 2025)

    • Enhanced Android SDK support for multiple binding methods, enabling organizations to deploy several custom applications with greater flexibility

     
     

    RSA SecurID Access Admin REST API 2.8.0 - Now Available

    RSA SecurID Access Admin REST API version 2.8.0 is now available with the updates on OAuth API access support. You can download the updated API package from the ID Plus Admin REST API Download page.

     

     

    Upcoming End of Primary Support (EOPS) Details

    The following table provides details of the RSA products reaching the end of support within the next six months:

    ProductVersionEOPS DateExtended Support Level 1/Level 2
    MFA Agent for Microsoft Windows
    		2.3October 2025No

    Announcement
    Don't see what you're looking for?