Time is Running Out – Users Must Migrate from the Legacy RSA Authenticate App to the Supported RSA Authenticator App by October 2025
a year ago

Summary

Effective with the RSA ID Plus release in October 2025, users of the legacy RSA Authenticate app for iOS and Android will no longer be able to authenticate. This change is driven by Google's decision to end support for the Entrust Certificate Authority (CA).

While most users of the legacy RSA Authenticate app have already migrated to the supported RSA Authenticator app, customers are running out of time to transition any remaining users still relying on the legacy app.

 

Risks of Using the Legacy RSA Authenticate App

Users continuing to use the legacy app face the following risks:

  • Mandatory deadline: The RSA Authenticate app on iOS or Android will no longer function after Google ends support for the Entrust Certificate Authority (CA). This change is scheduled for the second half of October 2025 and is outside RSA’s control.
  • Technical support limitations: As mentioned above, the RSA Authenticate app is no longer supported by RSA. Therefore, any issues reported by users due to, for example, a new OS release will only be investigated (and potentially resolved) in the supported RSA Authenticator app, not the RSA Authenticate app.
  • Feature availability: The RSA Authenticator app for iOS and Android offers enhanced functionality compared to the legacy RSA Authenticate app, including: 
    • Code Matching with Approve and Biometric authentication methods
    • QR Code authentication method
    • Passkey/FIDO authentication
    • Mobile Lock

Important Notes:

  • The RSA Authenticate app exists for iOS, Android, and Windows. iOS and Android account for over 90% of all authentication applications deployed by RSA users, so this advisory primarily focuses on iOS and Android platforms. 
  • Windows users also need to migrate to the RSA Authenticator app. Support for the RSA Authenticate app for Windows ended in March 2023. While the RSA Authenticate app for Windows will not be impacted by Google’s upcoming Entrust CA change, it is strongly recommended that users of the RSA Authenticate app for Windows upgrade, as the same technical risks mentioned above also apply to the Windows app.
  • The RSA Authenticate app was never released for macOS. 

Identifying Users Still Using the RSA Authenticate App

To identify if your users are still relying on the RSA Authenticate app:

  1. In the Cloud Administration Console, navigate to Users > Reports.
  2. Download the ‘All Users’ report.
  3. Locate the App Name column and sort it. Users with "RSA Authenticate" listed in this column are still using the unsupported app and must be migrated to the RSA Authenticator app.

Use this report to track migration progress and identify users who still need to be reminded to upgrade. All users must complete migration before the RSA October 2025 release deadline.
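The report check described above can be scripted. The following is an added example, not RSA tooling: it assumes the 'All Users' report is exported as CSV, and the `User ID` and `Email` column names and the sample rows are constructed for illustration (only the `App Name` column and the "RSA Authenticate" value come from this advisory). It compares the app name exactly, because a substring search for "RSA Authenticate" would also match users already on "RSA Authenticator".

```python
import csv
import io

APP_COLUMN = "App Name"          # column named in the advisory
LEGACY_APP = "RSA Authenticate"  # value named in the advisory

# Constructed sample data; "User ID" and "Email" are assumed column names.
SAMPLE_REPORT = """User ID,Email,App Name
alice,alice@example.com,RSA Authenticate
bob,bob@example.com,RSA Authenticator
carol,carol@example.com, rsa authenticate 
dave,dave@example.com,
erin,erin@example.com,RSA Authenticator
"""


def _norm(value):
    """Collapse whitespace and case so spreadsheet edits do not hide a match."""
    return " ".join((value or "").split()).casefold()


def legacy_users(report_file, id_column="User ID"):
    """Return (IDs still on the legacy app, number of users with any app)."""
    reader = csv.DictReader(report_file)
    if APP_COLUMN not in (reader.fieldnames or []):
        raise ValueError(f"report has no {APP_COLUMN!r} column")
    legacy, with_app = [], 0
    for row in reader:
        app = _norm(row.get(APP_COLUMN))
        if not app:
            continue  # no authenticator app registered for this user
        with_app += 1
        # Exact comparison: "RSA Authenticator" must not count as legacy.
        if app == _norm(LEGACY_APP):
            legacy.append(row[id_column])
    return legacy, with_app


if __name__ == "__main__":
    # For a real export: open(path, newline="", encoding="utf-8-sig")
    users, total = legacy_users(io.StringIO(SAMPLE_REPORT))
    print(f"{len(users)} of {total} app users still need to migrate: {users}")
```
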

 

Preparation for Notifying Users

With the RSA Cloud Authentication Service (CAS) May release, scheduled for the second half of May, the following notice will be displayed each time a user successfully authenticates using the legacy RSA Authenticate app to access web-based resources (for example, Salesforce and Microsoft 365). The notice is informational and non-blocking, allowing users to postpone the migration if needed.

 

 

Important Notes:

  • After the RSA May release is deployed, administrators will have the option to disable the notice via the Cloud Administration Console if they prefer to encourage user migration through other methods. This option will no longer be available after the RSA August release. 

  • As mentioned above, the migration prompt will only appear when a user successfully authenticates to web-based resources, such as Salesforce or Microsoft 365. It will not appear when a user authenticates through an RSA agent, such as the RSA MFA Agent for Windows or the RSA Agent for macOS. Customers need to remind users who authenticate exclusively with RSA agents to upgrade separately. (See the Identifying Users Still Using the RSA Authenticate App section above.)

     

Guidelines for Migrating Credentials to the RSA Authenticator App

  • In the past 18 months, over 600,000 users have completed the migration process, moving their credentials from the RSA Authenticate app to the RSA Authenticator app.
  • Credential Migration is supported when:

    • Only AM-based credentials are present in the RSA Authenticator app.
    • Only cloud-based credentials are present in the legacy RSA Authenticate app.
  • Credential migration is not supported if:

    • The user has ever loaded cloud-based credentials into the RSA Authenticator app, even if the credentials were later removed.
    • Specifically, migration will fail if:
      • The RSA Authenticator app was installed.
      • A cloud-based credential was added.
      • The credential was subsequently removed.
  • Workaround: To proceed with credential migration in this scenario, the user must uninstall and reinstall the RSA Authenticator app. This resets the app and enables the migration to complete successfully. 

 

Migrating Credentials on a Device with RSA Authenticate App Installed

To migrate credentials on a device with the RSA Authenticate app installed:

  1. Do not uninstall the RSA Authenticate app.
  2. On the same device where the RSA Authenticate app is installed, install the RSA Authenticator app.
  3. Once installed and launched, the RSA Authenticator app will automatically detect if the RSA Authenticate app is currently installed and has valid credentials. The Authenticator app will then prompt the user to migrate their credentials.
  4. Follow the on-screen instructions to complete the migration.

  • The credentials from the RSA Authenticate app are migrated to the RSA Authenticator app and removed from the Authenticate app.
  • The Authenticate app registration on My Page is replaced automatically by the Authenticator app registration on the user profile.
  • Once migration is concluded, the RSA Authenticator app can be used for all authentication tasks.
  • Users can safely uninstall the RSA Authenticate app from their devices.
  • Users can install the RSA Authenticator app and postpone the migration. However, postponing is strongly discouraged, as it delays the transition. For guidance on managing postponed migrations, refer to the following steps.

Managing Postponed Migration for Users with both RSA Authenticate and RSA Authenticator Apps Installed

To proceed with migration, users with both apps can use these steps. 

  1. Launch the latest version of RSA Authenticator.
    The following prompt may appear, reminding you that credential migration is available. 

 

Important note: If a user attempts to install new credentials at this stage, the following reminder message will appear. 

 

 

  1. To continue with the migration, tap More.
  2. Tap Migrate credentials from the Authenticate app.
  3. Follow the prompts to complete the migration process.

 

As a security measure common to both the RSA Authenticate app and the RSA Authenticator app, credentials are not directly visible to users. When a user taps View OTP for the first time to access the One-Time Password (OTP), they will be prompted to set a PIN, as shown below. This PIN will then be used seamlessly in the background by the app to allow future access to the OTP.

 

 

Upgrading from RSA Authenticate for Windows to RSA Authenticator for Windows

End users can upgrade from RSA Authenticate for Windows to RSA Authenticator for Windows via the Microsoft App Store or their organization's Microsoft Company Portal (if available). Alternatively, Windows Administrators can deploy the RSA Authenticator app using DISM or MSIX through the organization’s Software Configuration Management (SCM) solution.

After a successful upgrade, all credentials from the RSA Authenticate app for Windows are automatically migrated to the RSA Authenticator app upon launch.

History

The RSA Authenticate app on iOS and Android was the original RSA authentication application for RSA Cloud-based services. It began to be replaced by the next-generation app, initially released as the SecurID app in early 2022, which was eventually renamed RSA Authenticator.

Starting in January 2023, RSA introduced a simplified credential migration path from the original app to the next-generation app on mobile operating systems.

Previous Migration Advisories

Before support for the RSA Authenticate app on iOS and Android officially ended in late March 2024, the following advisories were published:

 

 

Announcement