Robin Cohan

What’s new in RSA SecurID® Access?  November 2018 Cloud Authentication Service Release

Blog Post created by Robin Cohan Employee on Nov 19, 2018

The November release for the RSA SecurID® Access Cloud Authentication Service (CAS) is now available. This month, we expand deployment flexibility in a number of different ways to provide even more business agility and operational efficiency, empowering your admins and users to have the flexibility they need to support business needs.

Identity Router in the cloud - Amazon Web Services Deployment

It is now possible to install the Identity Router (IDR) in your private Amazon Web Services (AWS) space, saving time and effort to deploy the IDR in your on-premises environment.


No longer does RSA require an on-premises footprint for the IDR.


From AWS EC2, the Identity Router connects back to your on premise Active Directory/LDAP identity source to support a hybrid cloud deployment. Using this hybrid cloud deployment model, you can continue to host your Authentication Manager on-premises and use RSA SecurID hardware/software tokens to protect critical cloud applications. The Identity Router in AWS will connect to your on-premises Authentication Manager via VPN connection or AWS Direct connect. Having said that, watch for further cloud deployment developments next month on the Authentication Manager side!

The Identity Source can also be hosted in AWS or other cloud environments (ex: Azure) to support a full multi-cloud deployment.

The download and distribution of IDR AMI image is fully automated. Administrators can launch an AMI image in EC2 by entering your relevant AWS account credentials in RSA’s Cloud Authentication Service console. The AMI image will be shared securely to your private EC2 space based on explicit permissions for those specific AWS accounts.

This now gives you 3 flexible deployment options for the IDR:  VMWare, Hyper-V and AWS.

Help Desk your way: Administration APIs to integrate CAS into your application

This month, we are announcing the release of a series of administration APIs, to support the integration of RSA SecurID® Access with your service desk applications.

Using these REST APIs, integrated into your service desk application, allows your Help Desk staff to use familiar user interfaces to search for RSA SecurID® Access users, unlock their devices, delete unused devices and update SMS and Voice option telephone numbers. 

This integration can help reduce the learning curve for adopting RSA SecurID® Access and reduce additional training requirements for your help desk administrators.

Stay tuned here! More APIs to support additional use cases are planned for subsequent releases.

Expanded device self-service to reduce Help Desk calls

This month, the new MyPage self-registration portal, adds a capability for a user to delete their device. Using this in conjunction with the previous registration capability means a user can add, delete or change (via delete of old and add of new) a device.  A major step forward to empowering end user self-service and thereby reducing Help Desk traffic!

Expanded RADIUS support - Clientless SSL VPN support

This month, we add a new feature enhancing the user experience for application-specific VPN access - when logging in through a RADIUS-based clientless SSL VPN portal. RSA SecurID® Access now provides end-users with an improved user experience for Cisco’s clientless SSL-based VPN portals. Administrators can download the new web toolkit from RSA SID Access Cloud authentication console and deploy the toolkit in Cisco ASDM as part of configuring the clientless SSL VPN.

Typically, clientless SSL VPN solutions are used to provide application specific VPN access, creating captive portals on the wireless network for secure access. Most customers prefer RADIUS-based integration for these types of integrations due to the inherent flexibility and power of configuring security policies. But this can come at the expense of diminished user experience. With RSA’s new web toolkit, you can continue to use RADIUS-based integration while still providing a great end user experience. You can provide a better user experience whether an end user is trying to access Microsoft OWA (as an example) or a business partner is trying to gain access to a wireless network.

You can also continue to use the recently introduced RADIUS Auto-Push notification and provide a passwordless experience to users of RADIUS-based applications using this new web toolkit and elevate your end users’ experience.


Figure 3.  Cisco Clientless SSL VPN step-up authentication end-user experience


Expanding MFA reach: monthly connector updates

RSA Partner Engineering continually releases new and updated RSA SecurID® Access connectors.  Connectors are the bridge between RSA SecurID® Access and the resources it’s protecting.  RSA has hundreds of RSA SecurID® Access connectors available, including those for the leading applications you may be looking for. (see link below for complete list).


Later this week, these new connectors are planned: Barracuda Web Application Firewall, GoAnywhere, ProxyClick, Salsify, Scale FT, Shuffler, SignalFX, Workato.

Our extensive catalog of connectors helps customers extend their use of RSA SecurID® Access - helping protect the resources that matter most to you.  See the catalog at:


For further details on all the new and updated capabilities of the November release, please refer to the Release Notes here: 

and product documentation here:


All of these enhancements make RSA SecurID® Access and even more convenient, pervasive and intelligent solution for your authentication needs.