Cloud Authentication Service Updates

The following subsections outline the new and enhanced features of the Cloud Authentication Service (CAS).

Enable/Disable Resynchronization of OTP Hardware Authenticators

In the Cloud Administration Console (Access > My Page), administrators can now enable or disable resync of OTP authenticators. This feature allows users with out-of-sync OTP authenticators to resync their device with the Cloud Authentication Service particularly in cases where authentication fails due to clock drift (for example, from extreme temperatures) or when multiple consecutive OTPs are generated without use. Unauthenticated users who cannot sign into My Page can access a sync URL, enter the authenticator's serial number, and provide two consecutive OTPs to synchronize their device and regain access to their application.

Administration Event Monitor for Role Management

In the Cloud Administration Console, administrators can now track the creation, editing, and deletion of roles for the Fulfillment service through the Admin Event Monitor. The event description provides detailed information on the creation, editing, or deletion of roles.

Disable Anomaly Detection Email Notifications

Email notifications about suspicious authentication attempts, which help customers mitigate password spray attacks, were previously sent automatically to Super Administrators. Now, administrators can disable these notifications by clearing the new Anomaly Detection checkbox under Company Settings > Email Notifications in the Cloud Administration Console. This gives administrators the option to enable or disable these notifications as needed. 

New MFA Authentication Logs in the Cloud Administration Console

When multifactor authentication (MFA) occurs between the Authentication Manager and the Cloud Authentication Service, the Cloud Administration Console now provides new verbose logs in the User Event Monitor. These events track the initiation, success, and failure of MFA authentications through this hybrid deployment, offering administrators more detailed insights into the authentication process, including when MFA is initiated, successfully completed, or fails.

Local Groups API

Local Groups Public API seamlessly integrate users from various identity sources (internal identity source, AD/LDAP, or SCIM), allowing them to be grouped together in a single group. Additionally, administrators can search for users and add them to groups either individually or bulk.

Important Notice: Use of Company-Specific URLs Required

Effective March 2025, access through non-company-specific URLs will be discontinued. Administrators need to utilize their designated company-specific URLs for all access, including API interactions, Authentication Manager (AM) configurations, SCIM configurations, or redirected URLs from identity providers (IDPs). Access via any other URLs or those lacking a company subdomain will be blocked, resulting in potential loss of functionality (for example, https://access.securid.com or https://na2.access.securid.com). To ensure uninterrupted access, administrators need to promptly verify that all connectivity is routed through the appropriate company-specific URLs and update their configurations as necessary.
If a SAML third-party Identity Provider (IdP) is set up for logging into the Cloud Administration Console, it is essential to ensure that both the Sign-In URL and the Assertion Consumer Service (ACS) URL are configured to use the company-specific URLs on the IdP side. If they are not currently configured this way, please make the necessary updates. To find your company-specific Sign-In URL and ACS URL, go to My Account > Company Settings > Sessions and Authentications in the Cloud Administration Console.

Coming Soon: Migration Prompt for RSA Authenticate App Users (March 2025 Release)

As communicated in previous advisories, the RSA Authenticate app on iOS, Android, Windows, and macOS is no longer supported. Users of this app must upgrade to the RSA Authenticator app, which provides a migration path for existing credentials.
While many initial users of the RSA Authenticate app have seamlessly completed this upgrade, a significant number of users are still relying on the RSA Authenticate app for authentication. To drive migration, a new feature will be introduced in the March 2025 release, where users attempting to authenticate with the RSA Authenticate app will receive a prompt notifying them that the app is no longer supported and providing clear instructions for upgrading to the RSA Authenticator app.

Subscribe to status.securid.com for the Cloud Authentication Service Status Updates

For information about all service incidents and scheduled maintenance windows for the Cloud Authentication Service, subscribe to https://status.securid.com.

Identity Router Update Schedule and Versions

The new identity router software versions are:
 

Upcoming End of Primary Support (EOPS) Details

The following table provides details of the RSA products reaching the end of support within the next six months:
 

Third-Party Integrations from RSA Ready

The following integrations were recently completed or certified by RSA through the RSA Ready Technology Partner Program. For the complete catalog of Implementation Guides, see RSA Ready Integrations on the RSA Community.

New Integrations for ID Plus

•  Nutanix Prism Central
• OpenText EnCase
• Salesforce CRM as SCIM Server
• SkyHigh Security (End User)

Updated Integrations for ID Plus

• AWS including session tags
• Citrix Cloud
• Citrix Netscaler
•  Fortinet FortiClient
• Microsoft SharePoint (Online)
•  PingFederate
•  RSA G&L