Cloud Access Service Updates
The following subsections outline the new and enhanced features of the Cloud Access Service (CAS).
Granular Control for FIDO Authenticators
You can now precisely define which FIDO authenticators can be used for registration and authentication by enabling or disabling them based on various parameters. To define the FIDO authenticators, navigate to Cloud Administration Console > Access > FIDO Authentication.
Note: FIDO inline registration and registration of new U2F authenticators are no longer supported. Previously registered U2F authenticators can continue to be used for step-up authentication.
OAuth JWT Support
OAuth JWT support is now available to enhance the security of external identity source SCIM client connections to CAS. SCIM access can now be secured using OAuth-based authentication instead of legacy API keys, providing stronger protection and improved control over integrations. To configure this feature, navigate to Cloud Administration Console > Platform > API Access Management. To apply the configuration to a SCIM identity source, navigate to Cloud Administration Console > Users > Identity Sources.
Group Membership Details in All Users Report
The All Users report now includes three new columns: CAS Global Groups, Identity Source Specific Groups, and Identity Source Type. This update provides a complete, single view of user-to-group relationships, reduces reliance on multiple reports, and improves auditability and compliance. To download the CSV report, navigate to Cloud Administration Console > Users > Reports, then click Download CSV next to All Users.
API Enhancement: Additional User Identifier Support
The Cloud Administration Retrieve Device Registration Code API, Cloud Administration User Details API, and Cloud Administration Authenticator Details API Version 1 now support the username input parameter to identify the user being managed. This enhancement provides greater flexibility when integrating with systems that use usernames as the primary user identifier.
Identity Router (IDR) Portal SSO Enhancements
SAML applications available from CAS legacy IDR SSO portal now include the following security and usability improvements:
- The maximum character length for IDR SAML application names increased from 100 to 200 characters to make applications easier to identify.
- The LDAP/AD user search filter configured in each identity source can now be globally enabled in the IDR portal to exclude users from authenticating. The portal does not attempt password authentication against the identity source, preventing password strikes that could lock user accounts.
- SAML application configuration now supports attribute filters, allowing control over which user attributes are sent to each application and helping prevent over-granting of access permissions. You can configure these attribute filters on the Fulfillment tab while adding a SAML Direct application. To access this option, navigate to Cloud Administration Console > Applications > Application Catalog.
Access Discovery on My Page
My Page is now enhanced with access discovery, providing managers and application owners with a complete view of access across all accounts, including those outside the standard Lifecycle Management process. This enhancement eliminates critical security blind spots, enables proactive risk mitigation, and ensures accountability for every entitlement, regardless of how it was provisioned. To view this enhancement, navigate to My Page > Access Control.
Subscribe to status.securid.com for the Cloud Access Service Status Updates
For information about all service incidents and scheduled maintenance windows for the Cloud Access Service, subscribe to https://status.securid.com.
Third-Party Integrations from RSA Ready
The following integrations are completed or certified by RSA through the RSA Ready Technology Partner Program. For the complete catalog of Implementation Guides, see RSA Ready Integrations on the RSA Community.
- New Integrations for ID Plus
-
- CrowdStrike Falcon Next-Gen SIEM (Authentication Manager Logs)
- Microsoft Sentinel Connector
- Microsoft Sentinel using Logic App
- SilverFort Bridge (SAML)
- Updated Integrations for ID Plus
-
- BeyondTrust Password Safe (RADIUS)
- Palo Alto Captive Portal (SAML)
- Palo Alto Cloud Identity Engine (SAML)
- Palo Alto NGFW Global Protect (RADIUS, SAML)
- Workday (SAML)
Upcoming End of Primary Support (EOPS) Details
The following table provides details of the RSA products reaching the end of support within the next six months:
| Product | Version | EOPS Date | Extended Support Level 1/Level 2 |
|---|---|---|---|
| Authentication Agent for Web for IIS / Apache | 8.0.x | March 2026 | No |
| MFA Agent for Microsoft Windows | 2.3.1/ 2.3.2 | May 2026 | No |
| Authenticator for iOS & Android | 4.4 | June 2026 | No |
| RSA Authentication Manager | 8.7 SP1 | June 2026 | June 2027/ June 2028 |
Related Articles
RSA February 2026 Release Announcements Number of Views RSA January 2026 Release Announcements Number of Views RSA March Release Announcements Number of Views RSA March 2025 Release Announcements Number of Views RSA March 2024 Release Announcements Number of Views
Trending Articles
Downloading RSA Authentication Manager license files or RSA Software token seed records RSA Release Notes for RSA Authentication Manager 8.8 RSA Authentication Manager 8.9 Release Notes (January 2026) Download RSA SecurID Access Cloud User Event audit logs using Cloud Administration REST API CLU RSA SecurID Software Token 5.0.2 for Windows Desktop displays message after reboot due to roaming profile: No token stor…
