Cloud Authentication Service Updates
The following sections provide information on the new and enhanced features of the Cloud Authentication Service (CAS).
Manage User Consent to OpenID Connect (OIDC) Applications
In the Cloud Administration Console, administrators can configure whether users will be prompted to consent to share data with an OIDC-based application. Administrators can now enable or disable the option for users to provide consent for private information disclosure. Users can now grant consent once for an OIDC application and revoke consent on My Page.
Enable Verbose Logging for User Event Monitor
In the Cloud Administration Console, administrators can now include verbose logging to view all user events required for analysis. To view verbose logs for user events, open the Cloud Administration Console, click Users > User Event Monitor, and then select Include Verbose Logs.
Support for Windows Server 2019 and 2022 in Integrated Windows Authentication (IWA) Connector
The SecurID Integrated Windows Authentication (IWA) Connector is now supported for use with .NET Framework 4.7 and 4.8 on Windows Server 2019 and 2022, respectively.
Change the Default Icon for a Cloud Identity Provider (IdP)
The Cloud Administration Console allows administrators to change the default icon of any Cloud identity provider. To change the default icon, open the Cloud Administration Console, and on the required Cloud identity provider page, click Change Icon to upload a new one.
Audit Logging Improvements
The following improvements have been made to the User Event Log API and the Authentication Audit Logs API:
-
deviceId field in the User Event Log API will now correctly log a unique identifier for each device.
-
policyId field in the User Event Log API will return null and will eventually be removed from the API.
-
policyName in the User Event Log API will correctly log the name of the policy when a policy is evaluated.
-
deviceName in the User Event Log API and the Authentication Audit Logs API will log the devices' names when known.
-
customerName in the User Event Log API and the Authentication Audit Logs API will log the organization subdomain.
-
sourceIPAddress in the User Event Log API and the Authentication Audit Logs API will continue to log null.
-
application in the Authentication Audit Logs API will log the target application name more consistently.
-
applicationName in the User Event Log API will log the target application name more consistently.
For more information, see User Event Log API and Retrieve Authentication Audit Logs API.
MFA Agent Citrix StoreFront V3.0 - Coming Soon!
MFA Agent Citrix StoreFront V3.0 will include the following features:
-
Enhanced Agent settings interface to allow easy configurations relevant to the Cloud Authentication Service and Authentication Manager using the Server and Advanced tabs.
-
Support for Emergency Access Code as a new method and enhanced Approve and Biometrics methods to support Confirmation Code.
-
Ability to enable WPI either during installation or by using configuration settings after installation.
-
Support silent mode installation and upgrade.
-
Deprecated UDP connection to Authentication Manager and risk-based authentication (RBA) support. For more information, see Deprecated Features for RSA MFA Agents.
Upcoming End of Primary Support (EOPS) Details
The following table provides details of the RSA products reaching the end of support within the next six months:
| Product | Version | EOPS Date | Extended Support Level 1/ Level 2 |
| Authenticator for macOS | 5.0 | Mar. 2024 | No |
| Authentication Agent for Citrix StoreFront | 2.0.x | Mar. 2024 | No |
| Authenticate App for iOS and Android | 3.9.x | Mar. 2024 | No |
| Authenticator for iOS | 4.1.5 | Jan. 2024 | No |
|
4.1.0 | |||
| Authenticator for Android | 4.1.6 | Jan. 2024 | No |
| 4.1.0 |
Third-Party Integrations from RSA Ready
The following integrations are recently completed or certified by RSA through the RSA Ready Technology Partner Program. Implementation Guides will be coming soon. For the complete catalog of Implementation Guides, see SecurID Integrations on the RSA Community.
-
HashiCorp Vault (new) – added support for the Authentication Manager and the Cloud Authentication Service using RADIUS.
-
Microsoft Azure AD as an IDP (new) – added support for using Microsoft Azure Active Directory (AAD) as an IDP for the Cloud Authentication Service Administration Console and RSA My Page using SAML.
-
Salesforce (new) – added support for the Cloud Authentication Service using OIDC.
-
Smartsheet (new) – added support for the Cloud Authentication Service using SAML.
Related Articles
Microsoft Integrated Windows Authentication (IWA) fails with 'no uid mapping' error in RSA Access Manager 6.1 Number of Views Integrated Windows Authentication Number of Views Cloud Access Service - Integrated Windows Authentication Number of Views Deploying Integrated Windows Authentication Number of Views Configure User Browsers for Integrated Windows Authentication Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.9 Release Notes (January 2026) An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide
