Critical Notices

The following urgent notices relate to mandatory upgrades and important changes within the RSA environment. Immediate action is required to prevent potential service disruptions.

Use of Company-Specific URLs Required

As a follow-up to the November 2024 Release Announcement, non-company-specific URLs will soon be removed. Update the affected service URLs immediately. For more information, see the Company-Specific Administrative URLs Update Instructions. Administrators must use their designated company-specific URLs for all access, including API interactions, Authentication Manager (AM) configurations, SCIM configurations, or redirected URLs from identity providers (IdPs). Access through non-company specific URLs is not yet blocked, however, when it is blocked, it can potentially result in loss of functionality (for example, https://access.securid.com or https://na2.access.securid.com ). To ensure uninterrupted access, administrators should promptly verify that all connectivity is routed through the appropriate company-specific URLs and update their configurations as needed. If your Identity Router (IDR) software version is earlier than 12.22.0.0.32, you must upgrade your IDR to 12.22.0.0.32 or later to avoid any disruptions when non-company-specific URLs are deprecated.  

Starting with the June release, a banner warning appears for 24 hours whenever a non-company-specific URL is used for the following:

• Logging in to the Cloud Administration Console via password or third-party IdP.
• Accessing the Cloud Administration REST APIs.

In addition, an audit event is logged once per day whenever a non-company-specific URL is used for third-party IdP login and Cloud Administration REST API. You can view this event from the Cloud Administration Console in Platform > Admin Event Viewer.

Identity Router (IDR) 12.23.0.0.11 Now Available

The IDR 12.23.0.0.11 release is now available. We recommend that all customers upgrade to this version.

This release includes the following updates:

• Fixed an issue affecting the IDR SSH login feature, which is used by RSA Support for troubleshooting purposes.

Note: This issue did not impact the core functionality of the IDR.

• Fixed multiple security vulnerabilities.

Customers can wait for the scheduled upgrade or choose to upgrade at their own discretion.

Identity Router Update Schedule

Identity routers will be updated according to the following schedule. Downloading the new identity router image when you deploy new identity routers ensures that you benefit from the latest security improvements.

Coming Soon - Deprecation of TCP Connection Between Cloud Access Service (CAS) and AM

RSA announces  the upcoming deprecation of the TCP Agent connection  between CAS and AM. If your environment is configured to connect to AM through Cloud Administration Console > Platform > Authentication Manager > Connection to Authentication Manager, an update will be required after the upcoming IDR release. This integration will transition to the Authentication Manager REST Agent, replacing the existing TCP Agent connection. At this time, no immediate action is required. Detailed instructions and timelines will be shared prior to the deprecation to guide you through the transition and ensure uninterrupted connectivity between CAS and AM.

Cloud Access Service Updates

My Page UI Now Supports Arabic RTL

The My Page user interface has been enhanced to improve usability and accessibility for Arabic-speaking users. Arabic content now displays from right to left (RTL), ensuring a more natural and intuitive reading experience. This enhancement provides a localized interface aligned with Arabic language standards, resulting in a smoother and more consistent user experience.

Export Admin Users Report via Cloud Administration Console or API

You can now export a comprehensive report of all administrative users directly from the Cloud Administration Console or retrieve it programmatically through the REST API. This report includes Admin Names, Admin Emails, Role, Status, Created At, Updated At, and last Login Time. This enhancement enables organizations to prove access, validate least privilege, and maintain continuous compliance evidence without relying on screenshots or manual exports.
To download the CSV report, go to Cloud Administration Console > My Account > Administrators > Admin Users Reports. You can also download this report through Cloud Administration Console > Users > Reports > Admin Users. 

Enhanced All Users Report

The All Users report is now enhanced to include the exact Last Successful Authentication Date and the Last Successful Authentication Method for every user. This update provides greater accuracy and visibility into user activity, helping you identify dormant accounts and maintain audit-ready reporting. To download the CSV report, go to Cloud Administration Console > Users > Reports > All Users. 

Enhanced Visibility with New RADIUS Clients Report

The RADIUS Clients report is introduced in the Cloud Access Service to provide deeper visibility into RADIUS client configurations and authentication activity. This report enables you to audit, optimize, and troubleshoot RADIUS integrations by consolidating detailed client information, including IP Address, Type, Authentication Configuration, Last Modified Date, and additional data fields. This enhancement improves operational efficiency, strengthens compliance reporting, and simplifies authentication management across environments. To download the CSV report, go to Cloud Administration Console > Users > Reports > Radius Clients. 

Enhanced Passkey Support Across Domains

The FIDO authentication is now enhanced by enabling multiple custom FIDO Relying Party (RP) IDs per account. A passkey registered on one approved domain can now be used to sign in across other authorized domains, delivering a seamless and secure multi-domain experience while preserving FIDO’s domain binding and privacy protections (FIDO Related Origins). To add one or more domains, go to Cloud Administration Console > Access > FIDO Authentication > FIDO Relying Party Domain(s).

Default Network Zone Configuration

A default option for network zones is now introduced, allowing you to designate any network zone as the default. The default network zone automatically applies to all APIs, AM, SCIM, and IDR configurations that either do not specify a network zone or rely on the default setting. You can change or select a different default network zone at any time, and updates will only affect configurations that use the default zone. You can now set any network zone as the default in the Cloud Administration Console.

Note: A System Default Zone is automatically created to allow all IP addresses. Once a network zone is set as the default, it cannot be deleted unless another network zone is designated as the default.

Subscribe to status.securid.com for the Cloud Access Service Status Updates

For information about all service incidents and scheduled maintenance windows for the Cloud Authentication Service, subscribe to https://status.securid.com.

Third-Party Integrations from RSA Ready

The following integrations were recently completed or certified by RSA through the RSA Ready Technology Partner Program. For the complete catalog of Implementation Guides, see RSA Ready Integrations on the RSA Community.

• New Integrations for ID Plus

• • Apple iOS Native VPN (RADIUS)
  • BeyondTrust Password Safe (SAML)
  • Broadcom Symantec PAM (SAML)
  • FireMon Policy Manager (SAML)

• Updated Integrations for ID Plus

• • AuthenTrend ATKey (FIDO)
  • CyberArk PAM plug-in (AM)
  • HPe Aruba ClearPass (RADIUS)
  • Prove SMS Gateway (AM)