Cloud Authentication Service Updates
The following sections provide information on the new and enhanced features of the Cloud Authentication Service (CAS).Publish Changes to the Cloud Authentication Service Faster
In the Cloud Administration Console, the Publish Changes button will no longer publish changes to an identity router (IDR) if the changes do not affect that IDR, thereby reducing publish time. For example, when you edit RSA My Page customizations, the changes will be published only to the Cloud Authentication Service.The new "Force Publish to all IDRs" option is now available on the Publishing Status page so that administrators can publish changes to the Cloud Authentication Service and all registered Identity Routers to resend the current configuration settings to each IDR or to resolve an IDR's issue (if any).
Register Multiple FIDO Authenticators
Users can now register a maximum of five FIDO authenticators using the RSA My Page to still log in if their primary authenticator is unavailable. On the My Page > My Authenticators page, users can view all their registered FIDO authenticators.In the Cloud Administration Console, administrators can view a user's registered FIDO authenticators on the Users > Management > a user's details page. In the "All Users" report, a new column, titled "Number of FIDO Authenticators", has been added to help administrators view the number of registered FIDO authenticators per user. Moreover, administrators can enable the option to automatically send an email notification when users register a FIDO credential on the My Account > Company Settings > Email Notifications page.
A New Unified View of Usage Information in the Cloud Administration Console Dashboard
In the Cloud Administration Console, the Usage Information dashboard has been enhanced with a unified view of total users and credentials of both Cloud Authentication Service (CAS) and on-premises Authentication Manager (AM) for your hybrid deployments. To display the unified view, the connection between the Cloud Authentication Service and Authentication Manager needs to be established. A new, refreshed look and feel has been developed to visually present the Cloud-only data when there is no AM and CAS connection.
To view the unified usage dashboard with on-premises information, you need to upgrade your Authentication Manager to 8.7 SP2, scheduled for release by the end of January 2024.
Enable Approve and Biometrics Code Matching Feature
Administrators can now enable Code Matching with different modes, even if the various components in their environment (Authenticators or Agents) do not support it for Approve and Biometric notifications. Once this feature is enabled, Code Matching is then used for a given authentication event only if both the Agent and the Authenticator app involved support the configured mode.
Enable Saving Primary Authentication Method Preference
In the Cloud Administration Console, administrators can now enable the option to save a user’s last successfully used primary authentication method and its associated policy as their preferred one in a browser cookie. Therefore, when a user attempts to authenticate again, they will be prompted to use the same saved primary authentication method.
Customize Cloud IdP User Instructions
Administrators can now add Cloud IdP instructions or text displayed during authentication. Users can easily perform Primary Authentication via Cloud IdP by following the displayed on-screen instructions during authentication.
Access Policies Terminology Changes in the Cloud Administration Console
In the Cloud Administration Console, terminology changes have been made to the UI labels of access policies. These changes aim to create a more unified and standardized experience while managing your access policies for authentication. For example, when you add a Microsoft Azure Directory Relying party, in the Authentication tab, the “Access Policy for Additional Authentication” label has been changed to “1.0 Access Policy for Additional Authentication”. In addition, when you add an application, in the User Access tab, the “Select a policy” label has been modified to “Select a 1.0 policy”.
MFA Agent Citrix StoreFront V3.0 Now Released!
MFA Agent Citrix StoreFront V3.0 is now released with the following features:
-
New and intuitive user interface for an enhanced user experience, with new terminology adapted.
-
Support for Emergency Access Code as a new method and enhanced Approve and Biometrics methods to support Confirmation Code.
- Enhanced Agent settings interface allows easy configurations relevant to the Cloud Authentication Service (CAS) and Authentication Manager (AM) using the Server and Advanced tabs.
- Support for Authentication Manager failover (The Agent can switch to AM replicas in case of AM failure when using AM as a secure proxy to connect to CAS).
- Ability to enable WPI either during installation or by using configuration settings after installation.
- Enhanced Agent reporting.
- Support for silent mode installation and upgrade.
- Deprecated UDP connection to Authentication Manager and risk-based authentication (RBA) support. For more information, see Deprecated Features for RSA MFA Agents.
Upcoming End of Primary Support (EOPS) Details
The following table provides details of the RSA products reaching the end of support within the next six months:
| Product | Version | EOPS Date | Extended Support Level 1/ Level 2 |
| Authentication Agent for Microsoft Windows | 7.4.x | June 2024 | No |
| MFA Agent for Microsoft Windows | 2.1.x | June 2024 | No |
| Authenticator App for macOS | 5.0 | March 2024 | No |
| Authentication Agent for Citrix StoreFront | 2.0.x | March 2024 | No |
| Authenticate App for iOS and Android | 3.9.x | March 2024 | No |
| Authenticator App for iOS | 4.2 | June 2024 | No |
| 4.1.5 | January 2024 | ||
| 4.1.0 | |||
| Authenticator App for Android | 4.2 | June 2024 | No |
| 4.1.6 | January 2024 | ||
| 4.1.0 |
Identity Router Update Schedule and Versions
This release includes miscellaneous identity router improvements. Identity routers will be updated according to the following schedule. Downloading the new identity router image when you deploy new identity routers ensures you benefit from the latest security improvements.
| Date | Description |
|---|---|
| AU: 3/11/2024 | Updated identity router software is available to all customers. |
| EU / IN: 3/13/2024 | |
| NA: 3/14/2024 | |
| Gov: 3/14/2024 | |
| Saturday 4/20/2024 | Default date when identity routers are scheduled to automatically update to the new version unless you modify the update schedule or update manually. |
| Saturday 5/18/2024 | If you postpone the default date, this is the last day when updates can be performed. |
Note: Please update all your IDRs to v12.19 before the updated identity router software is available in your region and ensure that the IDRs have no reachability issues with the region-specific domain names before May 2024. For more information, see View Identity Router Status in the Cloud Administration Console .
The new identity router software versions are:
| Identity Router Deployment Type | Version |
| On-premises | 12.20.0.0 |
| Amazon Cloud | RSA_Identity_Router 12.20.0.0 |
Related Articles
RSA January Release Announcements Number of Views RSA July Release Announcements Number of Views RSA June 2025 Release Announcements Number of Views RSA January 2025 Release Announcements Number of Views RSA January 2026 Release Announcements Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
