- Emergency Tokencode is supported for thick RADIUS clients and for Cisco Adaptive Security Appliance (ASA). RADIUS users who forget or misplace their registered devices can access protected SaaS and web applications using Emergency Tokencode by selecting it from the list of available authentication options. You can also customize your Cisco ASA to accept Emergency Tokencode. Perform the customization before you update the identity router. For instructions, see Customize the RSA SecurID Access Web Interface for a Cisco Adaptive Security Appliance.
- The following configuration improvements affect SAML-enabled web applications when the Cloud Authentication Service is the identity provider:
- You can require the identity provider to send AuthnContextClassRef in the SAML response as PasswordProtectedTransport to indicate that the password exchange must use a secure transport
method. Previously, AuthnContextClassRef was sent as Password.
- You can configure multivalued attributes to send each value in a separate attributeValue element. Previously, these values were separated by commas. For instructions, see Configure Advanced Settings for a SAML Connection.
- You are now allowed to customize the default attribute mappings for Active Directory identity sources. For more information, see Directory Server Attributes Synchronized for Authentication.
- RSA Link now provides complete documentation describing how to use operators when specifying LDAP attributes in access policies. For more information, see Operators for Using LDAP Attributes in Access Policies (LINK TO TOPIC).