Cloud Authentication Service Updates
The following subsections outline the new and enhanced features of the Cloud Authentication Service (CAS).
Enhanced Security for SCIM Clients and Authentication Manager (AM) Communication with CAS
We have expanded administrator capabilities for configuring communication between SCIM clients and CAS, as well as AM and CAS. This update enhances security by allowing administrators to control IP filtering for SCIM identity sources and all versions of AM. Administrators can now allow or deny specific IP addresses under Network Zones, improving access control and reducing security risks.
Secure RSA Authentication APIs Using OAuth 2.0
We extend OAuth 2.0 support to Authentication APIs, providing secure, token-based access to the Cloud Authentication APIs. It also allows fine-grained permission controls and configurable token validity, providing a more secure and flexible approach to managing API access. This integration enhances both security and flexibility, allowing administrators to manage access with detailed permissions. Administrators can now configure OAuth clients for accessing Authentication APIs in the Cloud Administration Console, under Platform > API Access Management.
Unified API Access Management for Improved Visibility
Administrators now have enhanced visibility into Administration and Authentication Legacy API Keys, along with OAuth clients, in a single, streamlined view. These can now be accessed under Platform > API Access Management (formerly API Key Management), simplifying management and control.
Custom Disclaimer Text for My Page Authentication Screens
Administrators can now tailor authentication experiences by adding custom disclaimer text for end users. This text will be displayed underneath the authentication screens. This update provides greater flexibility and customization, allowing organizations to display important legal or informational disclaimers directly within the authentication flow. Administrators can configure this setting in the Cloud Administration Console by navigating to Access > My Page > Customization tab.
Identity Routers (IDRs) Now Supported on Microsoft Azure
RSA Identity Router (IDR) can now be deployed in the Microsoft Azure environment. This new capability extends our existing support for Amazon Web Services (AWS), VMware, Hyper-V and Authentication Manager embedded deployments, offering even greater flexibility and choice with seamless integration of IDRs into your Azure environment. Deploying IDR within your Azure environment helps drive efficiency and security in your digital transformation journey. In the Cloud Administration Console, administrators can download the virtual hardware disk (VHD) image for Azure by navigating to Platform > Identity Routers.
Secure User Verification for Help Desk Calls
Administrators can now verify user identities during live help desk calls using any registered multi-factor authentication (MFA) authenticator. This ensures a secure and seamless verification process without exposing sensitive credentials and prevents unauthorized access while maintaining a smooth user experience. The feature is managed through the Live Verification Policy, which is available in the Cloud Administration Console under Policies.
Improved Access Policy Visibility
On Cloud Administration Console > Applications screen, administrators can now view the Access Policy Type, enabling more proactive management of cloud application policies. Additionally, we have expanded capabilities to enhance the user experience. When a policy is assigned, the Primary Authentication option under Policies is now grayed out. However, administrators can view a link showing where the policy is applied, making it easier to enable or disable as needed.
RSA Authentication Manager Releases Documentation Update
Currently, AM patches for AM and WebTier have separate Read-Me documents for each patch. To enhance accessibility and convenience for customers, a unified approach will be introduced, consolidating all patch-related information into a single Read-Me document. Starting with AM 8.8, patch releases will feature a comprehensive, updated Read-Me document covering all patches, WebTier updates, and hotfixes. This consolidated document will provide details on both new and previous updates, installation instructions, new features, and resolved issues, ensuring that all relevant information is available in one place.
Important Notice: Use of Company-Specific URLs Required
As a follow-up to the November announcement (RSA-Release-Notes-Cloud-Authentication-Service-and-RSA-Authenticators), non-company-specific URLs will soon be removed. Please update the affected service URLs immediately. For more information, see transition guide here: Company-Specific Administrative URLs Update Instructions. Administrators must use their designated company-specific URLs for all access, including API interactions, Authentication Manager (AM) configurations, SCIM configurations, or redirected URLs from identity providers (IDPs). Access via any other URLs, or those without a company subdomain, will be blocked, potentially resulting in a loss of functionality (for example, https://access.securid.com or https://na2.access.securid.com). To ensure uninterrupted access, administrators should promptly verify that all connectivity is routed through the appropriate company-specific URLs and update their configurations as needed.
Coming Soon: Upgrade Seamlessly to the Latest RSA Authenticator App (April 2025 Release)
Users still relying on the legacy RSA Authenticate App (no longer supported) for web-based authentication will be presented with an on-screen notice guiding them to upgrade to the current RSA Authenticator App. This always-on notice provides users with clear instructions on how to transition to the supported app, improving security and providing them with access to more authentication methods.
Subscribe to status.securid.com for the Cloud Authentication Service Status Updates
For information about all service incidents and scheduled maintenance windows for the Cloud Authentication Service, subscribe to https://status.securid.com.
Upcoming End of Primary Support (EOPS) Details
The following table provides details of the RSA products reaching the end of support within the next six months:
| Product | Version | EOPS Date | Extended Support Level 1/Level 2 |
|---|---|---|---|
| RSA Authentication Manager | 8.7 | May 2025 | May 2026 / May 2027 |
| MFA Agent for Microsoft Windows | 2.2.1 | June 2025 | No |
| Authentication Agent for Epic Hyperdrive | 1.x | June 2025 | No |
| RSA Authenticator for iOS and Android | 4.3 | June 2025 | No |
Third-Party Integrations from RSA Ready
The following integrations were recently completed or certified by RSA through the RSA Ready Technology Partner Program. For the complete catalog of Implementation Guides, see RSA Ready Integrations on the RSA Community.
New Integrations for ID Plus
- 15Five (SCIM)
- Okta Agent (RADIUS)
Updated Integrations for ID Plus
- F5 Big-IP APM (SAML)
Related Articles
RSA Authentication Manager 8.6 Patch 4 Readme Number of Views RSA Authentication Manager 8.7 SP1 Patch 2 Readme Number of Views AFX Server fails to start in RSA Identity Governance & Lifecycle Number of Views RSA Authentication Manager 8.x import of replacement certificate fails with the error This certificate is already imported Number of Views RSA Authentication Manager 8.6 Pre-Upgrade Check Tool Readme Number of Views
Trending Articles
How to recover the Application and AFX after an unexpected database failure in RSA Identity Governance & Lifecycle Troubleshooting AFX Connector issues in RSA Identity Governance & Lifecycle RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Release Notes for RSA Authentication Manager 8.8 RSA Authentication Manager 8.9 Release Notes (January 2026)
