Cloud Authentication Service Updates
The following sections provide information on the new and enhanced features of the Cloud Authentication Service (CAS).
New Authentication Dashboard in the Cloud Administration Console
A new Authentication dashboard has been introduced in the Cloud Administration Console. It offers a daily summary contrasting successful versus failed authentications, providing security administrators with clear insights into potential issues. Administrators can view authentication counts for the past 7, 14, and 21 days, as well as the past month, with totals displayed for each period. The Authentication dashboard helps security administrators quickly identify unusual authentication activities, improving overall monitoring and management of authentication processes.
OAuth 2.0 Client Credentials Grant Support
The OAuth 2.0 client credentials grant flow allows applications to securely authenticate and acquire access tokens from the authorization server without user involvement. In the Cloud Administration Console, administrators can now configure OIDC/OAuth-based applications using this flow. This feature is available in limited release upon request.
Dutch Language Support for My Page
My Page, authentication workflows, and email templates are now localized in Dutch, improving the user experience for Dutch-speaking users.
Filter Identity Source Statement Attributes
In the Cloud Administration Console, administrators can now filter identity source statement attribute values for both Single Sign-on (SSO) applications and Relying Parties. They can manage Statement Attributes by adding, editing, and deleting them as necessary. Administrators can define attribute names, select identity source properties, apply operators to selected properties, and set filter values and conditions.
Usage Information Dashboard Notification
In the Cloud Administration Console, on the Usage Information dashboard, if Authentication Manager is connected to the Cloud Authentication Service and is below version 8.7 SP2, the following notification will be displayed: "Upgrade to AM 8.7 SP2 or higher to display the full count of On-prem, Hybrid, and Total users."
Enrollment and Emergency Access Codes Guidelines
When an administrator generates an Emergency Access Code for a user, they cannot issue an Enrollment Code. Moreover, generating an Emergency Access Code will invalidate any previously issued Enrollment Code for that user.
Important Notice: Required Use of Tenant-Specific URLs
Administrators must use their assigned URLs. URLs identifying specific regions or sites will no longer work, and access through these URLs will be blocked, not redirected, in the future.
Upcoming End of Primary Support (EOPS) Details
The following table provides details of the RSA products reaching the end of support within the next six months:
| Product | Version | EOPS Date | Extended Support Level 1/Level 2 |
|---|---|---|---|
| Authenticator for Windows | 6.1.2 | November 2024 | No |
| 6.1.1 | August 2024 | No | |
| RSA Authentication Manager | 8.6 | August 2024 | August 2025/August 2026 |
| Authentication Agent for PAM | 8.1.x | November 2024 | No |
RSA Identity Router Version 12.21 Security Update
RSA Identity Router version 12.21 release includes security updates to address a vulnerability in RADIUS protocol and miscellaneous improvements. RSA recommends applying this critical update as soon as possible if it has not already been applied.
For RADIUS clients, you can enable the Message authenticator attribute field in this version. In the Cloud Administration Console, you can enable this attribute if you have already upgraded your identity router (IDR) to the latest version. For further information, see Update Identity Router Software.
Ensure that your RADIUS client software supports sending the message authenticator attribute in each RADIUS authentication request.
Note: If your IDRs have already been upgraded to version 12.21, no further updates are necessary.
Identity Router Update Schedule and Versions
Identity routers will be updated according to the following schedule. Downloading the new identity router image when you deploy new identity routers ensures that you benefit from the latest security improvements.
| Date | Description |
|---|---|
|
AU: 6/25/2024 EU/IN/JP: 6/27/2024 NA: 6/28/2024 GOV: 6/28/2024 CA/SG: 6/28/2024 | Updated identity router software is available to all customers. |
| Default: Saturday 10/05/2024 | Default date when identity routers are scheduled to automatically update to the new version unless you modify the update schedule or update manually. |
| Last: Sunday 10/27/2024 |
If you postponed the default date, this is the last day when updates can be performed. |
The new identity router software versions are:
|
Identity Router Deployment Type | Version |
|---|---|
| On-premises | 12.21.0.0 |
| Amazon Cloud | RSA_Identity_Router 12.21.0.0 |
Strong Key Exchange Option Added in Encryption Settings
In the Cloud Administration Console, on the Platform > Certificates and Encryption > Encryption Settings page, a new option, "Enable Strong Elliptic Curve Key Exchange," has been added. When enabled, the identity router (IDR) will use elliptic curves with 224 bits or higher for Transport Layer Security (TLS) key exchange in all incoming and outgoing connections. Enabling this option is strongly recommended to enhance security.
Third-Party Integrations from RSA Ready
The following integrations were recently completed or certified by RSA through the RSA Ready Technology Partner Program. Implementation Guides will be coming soon. For the complete catalog of Implementation Guides, see RSA Ready Integrations on the RSA Community.
New SAML Integrations for the Cloud Authentication Service
-
AWS Identity Center
-
AWS Identity Center S3
-
Box
-
CloudBees Feature Management
-
Dropbox Sign
-
HashiCorp Terraform Cloud
-
IBM Resilient
-
Microsoft Entra ID
-
Oracle Cloud Infrastructure
-
SentinelOne
-
Sprout Social
-
Tenable Vulnerability Management
-
Zoho Mail
Updated SAML Integrations for the Cloud Authentication Service
-
Asana
-
Awardco
-
Boomi
-
ClearSlide
-
Help Scout
-
iMeet Central
-
Insightly
-
Jamf Pro
-
Jobscore
-
LiveChat
-
LogMeIn GoToMeeting
-
LogMeIn GoToTraining
-
LogMeIn GoToWebinar
-
New Relic
-
OneLogin
-
OpenVoice
-
Robin
-
ThousandEyes
Related Articles
NT: PIN on token has to be reset every ten minutes Number of Views Tenable Vulnerability Management - SAML My Page SSO Configuration - RSA Ready Implementation Guide Number of Views Tenable Vulnerability Management - SAML Relying Party Configuration - RSA Ready Implementation Guide Number of Views Tenable Vulnerability Management - RSA Ready Implementation Guide Number of Views Some aliases are lost in a migration from Authentication Manager 6.1 to Authentication Manager 8.1 for users where there a… Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.9 Release Notes (January 2026) An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x RSA Authentication Manager 8.8 Setup and Configuration Guide
