Cloud Authentication Service Updates
The following subsections outline the new and enhanced features of the Cloud Authentication Service (CAS).
Cloud Administration Console Notifications for Password Spray Attack Detection
In the Cloud Administration Console, on-screen notifications have been added to help administrators detect and respond more quickly to potential password spray attacks. These enhancements enable faster identification of suspicious authentication attempts, especially when the user ID does not match any known users, signaling possible malicious activity. Administrators can now more effectively assess and mitigate threats.
Secure My Page SSO Applications with Access Policy 2.0
Administrators are now required to assign only Access Policy 2.0 to My Page SSO applications, both when adding new applications and when editing existing ones. When adding a new My Page SSO application, the User Access tab will only display Access Policy 2.0 options. Additionally, when editing existing applications, administrators need to select 2.0 Access Policy for authentication, as 1.0 policies can no longer be edited.
When accessing an SSO application secured by a 2.0 access policy, users will no longer be prompted to authenticate with the My Page policy, only the 2.0 policy for that application. However, they will still need to complete the My Page policy when accessing the My Page Application Portal, launching Identity Router (IDR) SSO Portal applications, or visiting preexisting SSO applications protected by 1.0 policies.
These updates streamline access management by ensuring that all My Page SSO applications are protected by Access Policy 2.0, enhancing application security.
Note: Bookmark applications still use 1.0 policies.
Manage User Groups in the Cloud Administration Console
In the Cloud Administration Console (under Users > Groups), administrators can now create and manage Local Groups. Local Groups seamlessly integrate users from various identity sources (internal identity source, AD/LDAP, or SCIM), allowing them to be grouped together in a single group. Additionally, administrators can search for users individually and add them to groups for bulk user additions.
Enhanced My Page Applications Access Management
In the Cloud Administration Console, administrators can now assign specific access levels based on individual user attributes for application provisioning. This feature offers enhanced flexibility, customization, and more granular access management. Within the Fulfillment tab, administrators can now assign role/group permissions based on the available user attributes. The Fulfillment service provisions the application with the assigned roles/groups, ensuring that users are granted the appropriate privileges based on their needs.
Secure RSA Cloud Administration APIs Using OAuth 2.0
The RSA Cloud Administration APIs now support the OAuth 2.0 authorization framework, providing secure, token-based access to the Administration APIs. This integration enhances both security and flexibility, allowing administrators to manage access with detailed permissions. In the Cloud Administration Console, under Platform > API Key Management, administrators can now configure Administration API clients. OAuth 2.0 supports client authentication before issuing access tokens. It also allows fine-grained permission controls and configurable token validity, providing a more secure and flexible approach to managing API access.
Secure Access to Audit Logs for All Customers
With the support of OAuth 2.0 and granular permissions, all customers can now securely access all system-level audit logs, regardless of their ID Plus plan. This update enhances control for administrators, ensuring compliance requirements are met while offering secure and flexible access to audit logs.
Look and Feel Updates for the Cloud Administration Console
RSA is gradually updating the design of the Cloud Administration Console (for example, the header) as part of its ongoing effort to enhance the user experience.
Arabic Now Supported on My Page and Authentication Workflows
Users can now access RSA-protected resources with Arabic language support, including My Page, authentication workflows, email templates, and My Page Help.
Roles History Link Now Available on My Page
In the Request details pane, the Roles History link is now available on My Page, allowing requestors and approvers to track all changes made to a role during the request process.
Upgrade Seamlessly to the Latest RSA Authenticator App
Users still relying on the legacy RSA Authenticate app (no longer supported) for web-based authentication will now be presented with an on-screen notice guiding them to upgrade to the current RSA Authenticator app. This always-on notice provides users with clear instructions on how to transition to the supported app, improving security and providing them with access to more authentication methods.
RSA Authenticator 4.5.2 for iOS and Android – Coming Soon
Here’s an overview of the key updates in the upcoming RSA Authenticator 4.5.2 release:
- Threat Detection for Android Rooted Devices: The RSA Authenticator app for Android now strengthens security by blocking usage on rooted devices, aligning with the protection available on the iOS version. With enhancements that extend beyond Google’s standard APIs, RSA is delivering a robust solution that ensures compliance, provides administrators with actionable insights, and minimizes the risk of false positives.
- RSA Authenticator App Now Supports Arabic: The RSA Authenticator app for iOS and Android is now available in Arabic, featuring full content translation and a right-to-left design for an intuitive user experience. This update ensures seamless accessibility for Arabic-speaking users, reflecting RSA’s commitment to global usability.
Important Notice: Use of Company-Specific URLs Required
Effective March 2025, access through non-company-specific URLs will be discontinued. Administrators need to utilize their designated company-specific URLs for all access, including API interactions, Authentication Manager (AM) configurations, SCIM configurations, and redirected URLs from identity providers (IDPs). Access via any other URLs or those lacking a company subdomain will be blocked, resulting in potential loss of functionality (for example, https://access.securid.com or https://na2.access.securid.com). To ensure uninterrupted access, administrators need to promptly verify that all connectivity is routed through the appropriate company-specific URLs and update their configurations as necessary.
If a SAML third-party Identity Provider (IdP) is set up for logging into the Cloud Administration Console, it is essential to ensure that both the Sign-In URL and the Assertion Consumer Service (ACS) URL are configured to use the company-specific URLs on the IdP side. If they are not currently configured this way, please make the necessary updates. To find your company-specific Sign-In URL and ACS URL, go to My Account > Company Settings > Sessions and Authentications in the Cloud Administration Console.
Subscribe to status.securid.com for the Cloud Authentication Service Status Updates
For information about all service incidents and scheduled maintenance windows for the Cloud Authentication Service, subscribe to https://status.securid.com.
RSA MFA Agent Support for macOS Sequoia 15.2
We are pleased to announce that RSA has officially qualified RSA MFA Agent 1.4.2 support for macOS Sequoia 15.2. Customers can now safely upgrade their macOS machines to Sequoia 15.2 and continue to use RSA MFA Agent 1.4.2 for secure user authentication and login.
Upcoming End of Primary Support (EOPS) Details
The following table provides details of the RSA products reaching the end of support within the next six months:
| Product | Version | EOPS Date | Extended Support Level 1/Level 2 |
|---|---|---|---|
| Authenticator for Windows | 6.1.3 | February 2025 | No |
| RSA Authentication Manager | 8.7 | May 2025 | May 2026 / May 2027 |
| MFA Agent for Microsoft Windows | 2.2.1 | June 2025 | No |
| Authentication Agent for Epic Hyperdrive | 1.x | June 2025 | No |
| Authenticator for iOS & Android | 4.3 | June 2025 | No |
Third-Party Integrations from RSA Ready
The following integrations were recently completed or certified by RSA through the RSA Ready Technology Partner Program. For the complete catalog of Implementation Guides, see RSA Ready Integrations on the RSA Community.
New Integrations for ID Plus
- Skyhigh Security
- Skyhigh Security SWG
- Zimperium zConsole
Updated Integrations for ID Plus
- Check Point Gateway
- Fortigate VPN
- Microsoft NPS
- OneLogin
- SonicOS
- Zoho ME ADSelfService Plus
Related Articles
RSA June 2025 Release Announcements Number of Views RSA May 2025 Release Announcements Number of Views RSA July 2025 Release Announcements Number of Views RSA November 2025 Release Announcements Number of Views RSA January Release Announcements Number of Views
Trending Articles
How to recover the Application and AFX after an unexpected database failure in RSA Identity Governance & Lifecycle RSA SecurID Software Token 5.0.2 for Windows Desktop displays message after reboot due to roaming profile: No token stor… RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide Downloading RSA Authentication Manager license files or RSA Software token seed records RSA Release Notes for RSA Authentication Manager 8.8
