Cloud Authentication Service Updates
The following subsections outline the new and enhanced features of the Cloud Authentication Service (CAS).
Emergency Access Codes Now Support One-Time Use
Emergency Access Code (EAC) functionality is now enhanced with support for single-use expiration. This improvement reduces exposure and helps minimize the risk of unauthorized access during critical support scenarios. With the new setting, EACs expire immediately after a single use, an upgrade from the previous minimum expiration period of one day. Help Desk Administrators can configure one-time use EACs in the Cloud Administration Console under Users > Management, while Super Administrators can define the default tenant wide behavior via Company Settings > Sessions & Authentication > Emergency Access Codes.
Enhanced Control: Restrict RSA Authenticator App Usage According to Operating System
Administrators can now restrict the use of the RSA Authenticator app according to operating system, to help organization enforce internal compliance policies. This feature is available in the Cloud Administration Console under Access > My Page > My Authenticators > Configuration.
Improved Access Visibility for Managers and Application Owners
Managers and Application Owners can now easily view their team members and the applications they have access to via the new My Users Access tab, located under My Page > My Users Access. This enhancement improves transparency and simplifies access oversight, helping organizations ensure users have appropriate access levels while supporting stronger governance and compliance practices.
Improved Password Spray Attack Detection and Notification Visibility
Password Spray Attack detection now includes the tenant name and URL in email notifications sent to Client Administrators. Additionally, filtering has been enhanced to event code search in Cloud Administration Console > Users > User Event Monitor, making it easier to identify and investigate suspicious activity. These updates enhance visibility into potential threats, streamline incident response, and strengthen your organization’s ability to detect and mitigate password based attacks. Super Administrators can configure notification settings by navigating to Cloud Administration Console > My Account > Company Settings > Email Notifications > Anomaly Detection (Password Spraying).
Terminology Update: Cloud Authentication Service Renamed to Cloud Access Service
This terminology change reflects the platform's expanded capabilities and aligns with upcoming improvements. You may still see both names in the product and documentation as we gradually roll out this update.
Important Notice: Use of Company-Specific URLs Required
As a follow-up to the November 2024 Release Announcement, non-company-specific URLs will soon be removed. Please update the affected service URLs immediately. For more information, see transition guide here: Company-Specific Administrative URLs Update Instructions. Administrators must use their designated company-specific URLs for all access, including API interactions, AM configurations, SCIM configurations, or redirected URLs from identity providers (IdPs).The access through the non-company specific URL is not yet blocked. It will be blocked potentially resulting in a loss of functionality (for example, https://access.securid.com or https://na2.access.securid.com )". To ensure uninterrupted access, administrators should promptly verify that all connectivity is routed through the appropriate company-specific URLs and update their configurations as needed. If your Identity Router (IDR) software version is earlier than 12.22.0.0.32, you must upgrade your IDR to 12.22.0.0.32 or later to avoid any disruptions when non-company-specific URLs are deprecated.
Subscribe to status.securid.com for the Cloud Authentication Service Status Updates
For information about all service incidents and scheduled maintenance windows for the Cloud Authentication Service, subscribe to https://status.securid.com.
RSA Authentication Agents 8.0.x for IIS and Apache No Longer Available for Download
As announced in RSA Authentication Agent for Microsoft IIS and Apache EOPS advisory, RSA Authentication Agents 8.0.x for IIS and Apache are no longer available to download. Support for RSA Authentication Agents 8.0.x for IIS and Apache will continue till March 2026.
Coming Soon (July Release)
The following section outlines the upcoming features planned for the July release.
Upcoming Identity Router Update Requirement
- IDRs running versions 12.21.x or 12.22.x (earlier than 12.22.0.0.32) are automatically upgraded. However, IDRs on versions prior to 12.21.x are excluded from this automatic upgrade, as they are no longer supported and require manual intervention.
- For customers currently on version 12.21.x, this upgrade also includes an operating system update. Please refer to the Upgrade Guide for detailed steps and prerequisites.
- The upcoming automatic upgrade for IDR follows a different process from standard upgrades. You will not have the option to reschedule or select an alternate upgrade date. To apply the update earlier than the scheduled rollout, you can manually upgrade the IDR at any time. Ensure upgrading the IDR at any time before July 12, 2025.
RSA Authenticator V4.6 for iOS and Android
Streamlined Credential Registration in RSA Authenticator App
Users can now register both CAS credentials and passkeys (FIDO credentials) through a single, simplified action, reducing the number of steps required. This improves usability and accelerates secure onboarding.
Enhanced Mobile Lock Notifications in RSA Authenticator App
When a critical threat is detected, users will now receive notifications containing detailed information about the threat. This empowers users to resolve certain issues independently and enables them to provide clearer, more actionable information when engaging with their IT Help Desk, improving response time and support efficiency.
In-App Upgrade Notification in RSA Authenticator App
Users will now receive an in-app notification when a newer version is available for download. This helps ensure users stay up to date with the latest features, performance improvements, and security updates.
Expanded Credential Support in RSA Authenticator App
Users can now manage up to 30 RSA credentials, including both Authentication Manager (AM) and CAS credentials. This enhancement is designed for powered users who need access to multiple services, providing greater flexibility and convenience. The user interface has also been updated to simplify navigation and improve the management experience for a larger number of credentials, including passkeys.
Expanded Passwordless Authentication Methods in RSA MFA Agent for Windows
The upcoming RSA MFA Agent for Windows v2.4, targeted for release in the July/August 2025 timeframe, introduces expanded support for passwordless authentication across both Local Active Directory and Microsoft Entra ID deployments. This includes:
-
FIDO Security Key (now extended to Entra ID; previously supported only with Local AD)
-
Mobile Passkey, used with RSA Authenticator app v4.6 for iOS and Android (scheduled for July 2025 release)
-
QR Code Authentication
-
Biometric Notification
To enable these capabilities:
-
The CAS June release introduces three new authentications methods for administrators to configure:
-
QR Code (RSA Agent)
-
Device Biometrics (RSA Agent)
-
Mobile Passkey (RSA Agent)
-
-
The CAS July release will include Certificate Authority (CA) services to enable certificate-based passwordless authentication for Entra ID deployments.
Note: The two CAS features mentioned above will be seamlessly enabled before the CAS July release for ID Plus E2 and E3 subscriptions. Customers with ID Plus E1 subscriptions will require an add-on to enable these.
Upcoming End of Primary Support (EOPS) Details
The following table provides details of the RSA products reaching the end of support within the next six months:
| Product | Version | EOPS Date | Extended Support Level 1/Level 2 |
|---|---|---|---|
| RSA Authentication Manager | 8.7 | May 2025 | May 2026 / May 2027 |
| MFA Agent for Microsoft Windows | 2.2.1 | June 2025 | No |
| 2.3 | October 2025 | No | |
| Authentication Agent for Epic Hyperdrive | 1.x | June 2025 | No |
| RSA Authenticator for iOS and Android | 4.3 | June 2025 | No |
Third-Party Integrations from RSA Ready
The following integrations were recently completed or certified by RSA through the RSA Ready Technology Partner Program. For the complete catalog of Implementation Guides, see RSA Ready Integrations on the RSA Community.
- New Integrations for ID Plus
- CrowdStrike Falcon Identity Protection (REST)
- Microsoft GitHub (SCIM)
- WSO2 (SAML)
- Updated Integrations for ID Plus
- Omnissa Horizon Connection Server (RADIUS)
- Omnissa UAG (RADIUS)
Related Articles
RSA January 2025 Release Announcements Number of Views RSA January Release Announcements Number of Views RSA January 2024 Release Announcements Number of Views RSA July Release Announcements Number of Views RSA May 2025 Release Announcements Number of Views
Trending Articles
Downloading RSA Authentication Manager license files or RSA Software token seed records RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Release Notes for RSA Authentication Manager 8.8 Download RSA SecurID Access Cloud User Event audit logs using Cloud Administration REST API CLU RSA SecurID Software Token 5.0.2 for Windows Desktop displays message after reboot due to roaming profile: No token stor…
