Skip navigation
All Places > Products > RSA SecurID Access > Blog > 2018 > July

What is Salesforce? It was the 1st Software-as-a-Service (SaaS) Customer Relationship Manager (CRM) product and currently the leader with the most market share. So what is SaaS?  It is a way of delivering centrally hosted applications over the Internet—as a service. SaaS applications are sometimes called web-based software, on-demand software, or hosted software. What type of data does a CRM contain? Customer and prospect contact information, accounts, leads, and sales opportunities in one central location.


Since Salesforce stores client personal data it naturally becomes a target for hackers. These hackers want your data and they will stop at nothing to get it.


The video showcases me creating a policy that enables a secondary authentication method within the RSA SecurID Access Cloud Authentication Service to protect Salesforce. Thank you for your time in advance!  



 Here is the link to the RSA SecurID Access Salesforce Implementation Guide: Salesforce - Technology Integrations 

Sly Gittens Website: 

Subscribe to my YouTube Channel:

LinkedIn Profile:



Facebook Networking Group:

In the recent What's New in RSA SecurID® Access?  we are excited to announce the release of the RSA SecurID Access Log Events API to retrieve administrator and user event logs from the RSA SecurID Cloud Authentication Service.  You can use the Log Events REST API to import the log events into your security information and event management (SIEM) solution, such as RSA NetWitness, to ensure security and audit compliance. 


For more information on this feature – please check out this additional content.


July 2018 Cloud Authentication Service and Identity Router (IDR) Release


The July release for RSA SecurID Access is now available and contains updates for both the Cloud Authentication Service (CAS) and the Identity Router (IDR). In this release RSA continues to add capabilities to further enhance RSA SecurID Access to be convenient for end users and admin, intelligent to provide powerful authentication and analysis and pervasive, supporting access across a variety of traditional and cloud use cases.

Simplifying the Multi Factor Authentication (MFA) Experience for users of RADIUS-based applications

The July release contains multiple improvements to RADIUS support:

  • Eliminating double password prompts:  If the RADIUS client (e.g., a VPN) is configured to perform primary (password) authentication, RSA SecurID Access no longer requires the user to enter their password a second (redundant) time.  Note that this can also help customers align with the latest PCI guidance for VPN logins. That’s because, under this configuration, RSA SecurID Access prompts for password and MFA in a single screen as PCI DSS 3.2 recommends, and doesn’t act on a second authentication factor sequentially, based on outcome of the primary authentication.
    You can find a video highlighting how this works on RSA Link at:
  • Eliminating extra steps for push-based MFA:  When configured, the extra step of selecting an authentication method at each login is no longer required. After entering User ID and password, a push notification is sent automatically.  Note:  this Auto-Push capability is not enabled when other forms of authentication are enabled for RADIUS access instead of passwords, for primary authentication .


                Fig.1  Auto-push eliminates extra authentication steps


Improved Control and Security of Cloud Authentication Service user status

Over the last few months, we have significantly improved the ability of customer administrators to manage the status of the cloud authentication service users.

Past releases have included the ability to manually enable and disable Cloud Authentication Service users, independent of identity source status, and disable Cloud Authentication Service users when they become disabled in the identity source directory.  We have also added a two-step delete process, to help administrators reverse deletion errors. Using the two-step deletion, manually deleted users are marked as Pending Deletion, and an automated purge process permanently removes them after seven days. This gives the administrator the ability to “Un-delete” before the users are permanently purged.

This month, we’ve added a couple key new capabilities to help organizations address the risks associated with orphaned accounts:

  • Disable missing users: if the sync process cannot find a user in the Identity Source (out of scope or deleted), that user will be disabled in the Cloud Authentication Service.  This improves security: no one can use the Cloud Authentication Service unless they are enabled in the directory. It also supports license management by ensuring that only active Cloud Authentication Service users are enabled for license counting purposes.
  • Delete long-disabled users: for improved efficiency, Cloud Authentication Service users who have been disabled for over 90 days, will be marked for deletion automatically. This feature is configurable – it can be turned off, or set to a different time threshold (30 to 180 days). In this way, users who are unlikely to use the Cloud Authentication Service in the near future, will not appear in lists or searches, making it easier to manage the Cloud Authentication Service tenant. It also improves the efficiency of synchronizations.



Fig.2  Configurable auto-delete


Improving visibility: Administrator activity logs

RSA is providing a new log which records the activity of RSA SecurID Access administrators.  Examples of this type of activity are (list not exhaustive): unlocking a user, changing an authentication policy, adding a new Identity Source.

Customers can leverage the Log Events API which is a REST-based web services interface that allows audit log events to be retrieved from the Cloud Authentication Service. You can use this REST API to import the audit log events into your security information and event management (SIEM) solution, such as RSA NetWitness.


In this way, RSA provides customers with improved visibility into the activities of these privileged users for forensic security, governance auditing and troubleshooting purposes.


Additional Improvements

A number of miscellaneous security and troubleshooting enhancements were added:

  • Support of HTTPS Strict Transport Security (HSTS) forces use of HTTPS secure protocol as server-browser interface for SSO web portal and the Cloud Administration Console. This helps protect transactions and login requests against threats such as protocol downgrade attacks and cookie hijacking.
  • Improved visibility of NTP status to aid in troubleshooting
  • Improved support for proxy server configurations when downloading adapter updates and IDR package updates.
  • Enhanced diagnostics for IDR registration errors


For further details on these improvements, please refer to the Release Notes here:

and product documentation here:

All of these enhancements make RSA SecurID Access an even more convenient and secure solution for your authentication needs.


Are you a visual learner? I am too! This video showcases mobile fingerprint biometric authentication. 


If you love my video subscribe and like my youtube channel.


"Static passwords are adorable, but sophisticated attackers don’t just bypass them, they utilize them to advance their attack." Verzion Data Breach 2016 Report


What is mobile fingerprint biometric authentication?

Fingerprint recognition refers to the automated method of identifying or confirming the identity of an individual based on the comparison of two fingerprints. Fingerprint recognition is one of the most well-known bio-metrics, and it is by far the most used bio-metric solution for authentication on computerized systems.


Why use mobile fingerprint biometric authentication with your Fortigate?

If you are granting remote workers to your internal environment via a FortiGate, it is critical to ensure your employee's identity. It is essential to have a Multi-factor Authentication solution that provides you convenience without compromising security. Implementing mobile fingerprint biometric authentication provides strong second-factor authentication that is needed in today's business environments.


Why RSA SecurID Access?

Whether you need two-factor authentication (2FA), multi-factor authentication (MFA) or mobile MFA, RSA offers a wide range of authentication methods including push notifications, SMS, OTP, biometrics, and hardware, software and FIDO tokens. And whether you want to deploy on-premises or go with a SaaS option, RSA SecurID Access has you covered.


Follow me on Social Media 

✦ Sly Gittens Website:

Subscribe to my YouTube Channel:

✦ LinkedIn Profile ➜

✦ Instagram ➜

✦ Twitter ➜

✦ Facebook Networking Group ➜

Amazon Web Services #AWS is a subsidiary of, which offers a suite of cloud computing services that make up an on-demand computing platform. AWS has more than 90 services that span a wide range including compute, storage, networking, database, analytics, application services, deployment, management, mobile, developer tools and tools for the Internet of things. Amazon markets AWS as a service to provide large computing capacity quicker and cheaper than a client company building an actual physical server farm. RSA SecurID Access, the world’s most widely deployed multi-factor authentication #MFA solution, helps to secure access in a world without boundaries.


RSA SecurID Access provides convenient, secure access to on-premises, #web#mobile and #cloudapplications, and eliminates access blind spots by giving you visibility into and control over access across your organization. RSA SecurID Access offers a broad range of authentication methods including modern mobile multi-factor authenticators (e.g., push notification, one-time password, SMS, and biometrics) as well as traditional hard and soft tokens for secure access to all applications regardless of whether they live on premises or in the cloud.


✦ RSA Ready Amazon Technology Integrations: 


















Filter Blog

By date: By tag: