Nathan Furze

What’s new in RSA SecurID® Access:  RSA Authentication Agent v2.0 for Citrix Storefront and the March 2019 Cloud Authentication Service Release.

Blog Post created by Nathan Furze Employee on Mar 25, 2019

Advanced Mobile Authentication for Citrix Storefront

We are happy to announce the release of the RSA Authentication Agent v2.0 for Citrix StoreFront. The Citrix Storefront agent is authentication software that provides Citrix StoreFront with a seamless authentication experience and additional mobile authentication methods for users inside and outside of the corporate firewall. For more details please refer to the Release Notes.

The March release for the RSA SecurID® Access Cloud Authentication Service is now available.

This month’s release contains the following features:

Reduce Digital Risk with Threat-Aware Authentication

Threat-aware authentication allows you to control whether high risk users are allowed to access protected resources or if these users must authenticate at a higher assurance level than other users. Users might be identified as high risk because their accounts have been compromised, or because a third-party security information and event management (SIEM) solution, such as RSA NetWitness, has found suspicious activity. Additional details can be found here - Drive Intelligent Access Decisions with Identity Insights and Threat Context to Reduce Digital Risk  

Enhanced Policy Support for Multiple RADIUS Profiles

To accomodate the varied levels of privilege and policy across RADIUS clients, such as firewalls, VPN and others, RSA SecurID Access now supports multiple RADIUS profile configurations.  You will be able to create custom RADIUS profiles that specify an access policy rule set to identify which users can authenticate through the clients associated with the profile. You will be able to associate multiple profiles with a single client, or the same profiles with multiple clients. More details on how to leverage multiple RADIUS profiles can be found here - Multiple RADIUS Profiles Provide Policy-Driven Granular Control 

Improved Visualization of the Identity Router for Simplified Management

This release introduces improved visualization of the identity router status in the administrators cloud console to more quickly understand the root cause of any issues.  Additional details can be found here - Troubleshooting Identity Router issues made easier  

Improved Identity Router Troubleshooting

We have added capabilities to enabled debug logging on the identity router before it has connected to the clouds service. Previously you had to connect the identity router to the cloud service before you could enabled debugging. Additional details can be found here - Enhanced Troubleshooting Before You Connect to the Cloud 

Add Users to the Cloud When You Need Them

Just-in-time user provisioning will sync the user to the cloud, at the time of first authentication, if they are in scope for the service. This allows new users to use the service even if they have not previously been synchronized to the cloud We have enabled “just-in-time provisioning” by default for all new RSA SecurID Access customers. Existing customers will need to navigate to turn on just-in-time synchronization before they can leverage the feature. Additional details can be found here - Add Users to the Cloud Only When you Need Them 

Updated Support for FIDO2

We are adding support for FIDO2 hardware tokens which use public/private key cryptography.  FIDO2 can be used for step-up authentication as part of conditional Policy to get access to web applications using Chrome, FireFox and Edge browsers. We continues to allow in-line registration and management for this authenticator. RSA continues to evaluate FIDO as a convenient and secure way to authenticate. FIDO2 hardware tokens are now supported on more browsers (including mobile browsers). A full list of supported browsers can be found here - Cloud Authentication Service User Requirements

Role permissions for select administrator API commands

To ensure correct API role permissions – when you generate an administrator API key you will have to select either the helpdesk or super administrator role for that key. Some REST APIs will be limited only to the super administrator role. A full list of REST APIs can be found here - Manage the Cloud Administration API Keys 

For further details on all the new and updated capabilities of the March release, please refer to the Release Notes here:

RSA SecurID® Access Release Notes: Cloud Authentication Service and RSA SecurID Authenticate App 


and product documentation here:


All of these enhancements make RSA SecurID® Access and even more convenient, pervasive and intelligent solution for your authentication needs.