Cloud Authentication Service Updates
The following subsections outline the new and enhanced features of the Cloud Authentication Service (CAS).
Improved Security for IDR and CAS Communication
Security has been enhanced for connections between Identity Routers (IDRs) and the Cloud Authentication Service (CAS). Through the Cloud Administration Console, a network zone can be assigned to a cluster, ensuring that only IDRs within a trusted configured network zone are allowed to pull configurations from CAS. This feature is accessible via the Cloud Administration Console > Platform > Clusters. To monitor communication status, administrators can view the connection state (Active or Blocked) under Platform > Identity Router.
Live Verification Enhancements
Help Desk Live Verification can now be accessed through an API, enabling seamless integration into your existing systems and workflows. This update allows administrators to trigger bi-directional authentication using any registered MFA authenticator directly through API calls without exposing any credentials during the verification process.
Note: The user interface now supports localization in 10 languages, offering a more flexible and accessible experience for end users.
Streamlined Passwordless Identity Verification
You can now confidently verify user identities without requiring passwords. The user enrollment and credential recovery experience has been simplified and enhanced with new passwordless verification options on RSA My Page. This update delivers stronger security, reduced user friction, and a smoother overall experience. The new workflow supports both environments with or without an identity verification system. To access this feature, navigate to Access > Policies > My Page Enrollment / Recovery > Rule Sets > Identity Verification in the Cloud Administration Console.
Improved FIDO Authenticator Support for Custom Domains in CAS
Authentication requests from Microsoft Entra to CAS via external authentication method now fully support all types of FIDO authenticators registered to custom domains. This enhancement ensures a smoother, more secure login experience for your users.
Note: This functionality is not currently supported in Firefox, as the browser does not support FIDO's Related Origin Request (ROR) feature.
RSA Authenticator App Updates
Stay Secure: Mandatory RSA Authenticator App Upgrade by October 2025
To ensure users continue enjoying a secure and seamless login experience, all RSA mobile application users must upgrade to the latest version of the RSA Authenticator app for iOS and Android by October 2025. Starting with the CAS October 2025 release, all versions of the RSA Authenticate app for iOS and Android and versions of RSA Authenticator apps for iOS and Android prior to V4.5 will no longer support modern multi-factor authentication (MFA) methods, such as push notifications. To make this transition easier, users of these apps will begin receiving clear upgrade notifications via the web interface following a successful authentication through CAS. For more details, see Time is Running Out – Users Must Migrate from the Legacy RSA Authenticate App. Check the following screenshots of the upgrade notices for both app types.
Important Notice: Use of Company-Specific URLs Required
As a follow-up to the November 2024 Release Announcement, non-company-specific URLs will soon be removed. Please update the affected service URLs immediately. For more information, see transition guide here: Company-Specific Administrative URLs Update Instructions. Administrators must use their designated company-specific URLs for all access, including API interactions, Authentication Manager (AM) configurations, SCIM configurations, or redirected URLs from identity providers (IdPs). Access via any other URLs, or those without a company subdomain, will be blocked, potentially resulting in a loss of functionality (for example, https://access.securid.com or https://na2.access.securid.com). To ensure uninterrupted access, administrators should promptly verify that all connectivity is routed through the appropriate company-specific URLs and update their configurations as needed. If your Identity Router (IDR) software version is earlier than 12.22.0.0.32, you must upgrade your IDR to 12.22.0.0.32 or later to avoid any disruptions when non-company-specific URLs are deprecated.
Subscribe to status.securid.com for the Cloud Authentication Service Status Updates
For information about all service incidents and scheduled maintenance windows for the Cloud Authentication Service, subscribe to https://status.securid.com.
Upcoming End of Primary Support (EOPS) Details
The following table provides details of the RSA products reaching the end of support within the next six months:
| Product | Version | EOPS Date | Extended Support Level 1/Level 2 |
|---|---|---|---|
| RSA Authentication Manager | 8.7 | May 2025 | May 2026 / May 2027 |
| MFA Agent for Microsoft Windows | 2.2.1 | June 2025 | No |
| Authentication Agent for Epic Hyperdrive | 1.x | June 2025 | No |
| RSA Authenticator for iOS and Android | 4.3 | June 2025 | No |
Third-Party Integrations from RSA Ready
The following integrations were recently completed or certified by RSA through the RSA Ready Technology Partner Program. For the complete catalog of Implementation Guides, see RSA Ready Integrations on the RSA Community.
New Integrations for ID Plus
- Cerby (SAML & SCIM)
- Sophos XGS4500 Firewall (Radius)
Updated Integrations for ID Plus
- CyberArk PVWA (SAML)
- Fortra GoAnywhere MFT (SAML)
- ID Dataweb (OIDC)
- Microsoft ADFS (SAML)
- Microsoft Sharepoint On-prem (SAML)
