August 2018 Cloud Authentication Service Release
The August release for the RSA SecurID® Access Cloud Authentication Service is now available. In this release RSA continues to add capabilities to further enhance RSA SecurID Access to be convenient for end users and admin, intelligent to provide powerful authentication and analysis and pervasive, supporting global access across a variety of traditional and cloud use cases.
Facilitating Privileged User Authentication for the Cloud Administration Console
RSA SecurID® Access administrators in your organization have extensive access privileges. Therefore, access attempts of these privileged users need to be appropriately authenticated. In this release of RSA SecurID® Access validation of the multifactor authentication policies that govern console access is improved to prevent accidental user lockout, which would require a support call to RSA to resolve.
The graphic below shows how the console prevents you from selecting a policy that locks you out of the console.
Fig.1 Warning message to clarify the problems with selected policy
Improved Visibility of Cloud Authentication Service User Status
Over the last few months, we have significantly improved the ability of administrators to manage the status of Cloud Authentication Service users.
Past releases delivered capabilities to:
- Manually enable and disable Cloud Authentication Service users, independent of identity source status for improved local control over user status
- Automatically disable Cloud Authentication Service users when they become disabled or missing (due to deletion or transfer out of relevant groups) in the identity source directory.
- Help administrators reverse deletion errors via a two-step delete process. With two-step deletion, deleted users are marked as Pending Deletion, and an automated purge process permanently removes them after seven days. This gives administrators the opportunity to “Un-delete” before the users are permanently purged in case of error.
- Streamline user maintenance with automated deletion of long-disabled users. Busy administrators who prefer more automated user maintenance, can select an option to delete long-disabled users. On by default and set to select users disabled 90 days, this option can be configured for different number of days or turned off completely. In this way, all the automated cleanup processes can work together to remove users from the cloud who no longer need access.
In the August release, we’ve improved reporting of user status. The previously available users report now provides better visibility into user status information to help organizations better manage user populations. By exporting the user report file and importing into a spreadsheet, administrators can quickly identify disabled or deleted (awaiting purge) users for status confirmation and follow-up where needed. In addition enabled users can be counted for license management purposes.
Below is a sample of the report in spreadsheet format, highlighting the new column.
Fig.2 User report
For more information on these capabilities, refer to: https://community.rsa.com/docs/DOC-75846
Faster Time to Value: Preconfigured Policies
RSA SecurID® Access now provides predefined access policy templates with all new cloud accounts. Using these policies, new customers need not create custom access policies before they can configure their first application. Instead, they can choose from one of the simple preconfigured policies to associate with their applications. If further customization is desired, these policies can be cloned and modified as desired, while maintaining the original copies to use as templates for future policy definition.
The new policies are shown below.
Figure 3. Preconfigured Policies
Serving a Global Customer Community
The RSA SecurID® Access Cloud Authentication Service is now available in Australia!
Hosted in Microsoft Azure Australia (Canberra), RSA SecurID® Access’s new hosting location enables compliance with Australian and New Zealand Privacy Legislation. Furthermore, local hosting means faster network performance across the wider Asia-Pacific region.
For further details on these improvements, please refer to the Release Notes here:
and product documentation here:
All of these enhancements make RSA SecurID® Access and even more convenient and secure solution for your authentication needs.