RSA SecurID Access Product Release Notes

Document created by Joyce Cohen Employee on Jun 15, 2018Last modified by Andrea Taylor on Feb 18, 2019
Version 57Show Document
  • View in full screen mode

Release notes provide information about what's new in each release of each RSA SecurID Access component, including feature descriptions, product enhancements, and fixed issues.

 

Cloud Authentication Service

 

ReleaseWhat's New 
February 2019
  • The disaster recovery environment for the Cloud Authentication Service is available for the EMEA and AUS regions.
  • You can monitor the current and historical uptime of the Cloud Authentication Service and the Cloud Administration Console on a service status page.
  • To receive frequent updates on the Cloud Authentication Service availability, use the Health Check API to integrate with your application monitoring product.
  • RSA SecurID Authenticate 2.3.0 for Android and RSA RSA SecurID Authenticate 2.2.0 for iOS support simplifying device registration with Enterprise Mobility Management (EMM) technology that supports the AppConfig Community standards, such as VMWare AirWatch. 
  • To align with the Google migration to Firebase Cloud Messaging (FCM), RSA SecurID Authenticate 2.2.0 for Android uses FCM for push notifications. Users must take action by updating to version 2.2.0 or higher of the app by March 31, 2019.
February 5, 2019RSA SecurID Authenticate 2.2.1 for Android resolves an issue with app instability on Samsung devices running Android 9 Pie.
January 2019
  • RSA SecurID Authenticate for Android now uses updated push notification service
  • New Administration APIs expand integration of Help Desk functions into your existing tool framework
  • Improved mobile browser authentication experience
  • Ability to control if users can delete devices in My Page
  • Support for Active Directory 2019
  • Disaster recovery environment available for US region
November 2018
  • Deploy identity routers in the Cloud using Amazon Web Services
  • Users can delete registered devices in My Page
  • New Administration APIs available to integrate help desk functions into your existing tool framework
  • Improved documentation for configuring high availability deployments
  • Updated RSA SecurID Authenticate apps
October 2018
  • You can protect Workday, ServiceNow, and Microsoft Office 365 without using the SSO Agent.
  • RSA SecurID Authenticate 2.0.2 for Android contains bug fixes.
October 15, 2018RSA SecurID Authenticate 2.0.1 for iOS is qualified with iOS 12 and contains bug fixes.
September 27, 2018RSA SecurID Authenticate 2.0.1 for Android contains bug fixes.
September 2018
  • RSA SecurID Access My Page, a new web-based portal that uses multifactor authentication and QR or limited onetime-use numeric registration codes to allow users complete device registration.  This feature enhances the security of device registration while minimizing user friction.
  • Updates for RSA SecurID Authenticate 2.0.0 for iOS, RSA SecurID Authenticate 2.0.0 for Android, and RSA SecurID Authenticate 3.0.0 for Windows 10.
  • User Event Log API is available to export user audit logs from the Cloud Authentication Service. This feature improves auditing and security monitoring of end-user activity, which is useful for compliance audits, troubleshooting, risk assessment, and security information and event monitoring (SIEM) analysis.
  • A new preconfigured access policy that applies a context-driven criterion using the Identity Confidence attribute to determine if additional authentication is required is available to Premium edition customers.
  • Improved log messages for user synchronization events makes troubleshooting easier when users are
    automatically re-enabled or disabled in the Cloud Authentication Service, or when users are not found in the directory server during synchronization.
August 29, 2018

RSA SecurID Authenticate 1.8.0 for iOS and RSA SecurID Authenticate 1.6.3 for Android contain bug fixes. For more information, seeCritical Updates for RSA SecurID Access Components Used with the Cloud Authentication Service.

August 2018
  • Three preconfigured access policies are available to new customers only for faster setup. They can be used as is, or cloned and customized.
  • You have greater visibility into your user population through user reports that display your users’ Enabled and Disabled status.
  • Unintentional lockout is prevented when you configure strong authentication for the Cloud Administration Console.
July 2018
  • Automatic bulk user deletion provided to prevent inefficiencies that result from processing large numbers of disabled users.
  • Users missing from the directory server are disabled during identity source synchronization.
  • Push notifications are sent automatically to RADIUS users without user selection.
  • LDAP Password Not Required During Authentication When Managed by the RADIUS Client
  • To ensure audit log compliance with industry standards, the Cloud Authentication Service now supports a
    REST API to retrieve Administration logs from the service.
June 2018
  • Support for RSA Authentication Agent for Microsoft AD FS to connect your AD FS server to the Cloud Authentication Service, providing cloud-based multifactor authentication.
  • Simplified access policy wizard.
  • The Authentication Source, IP Address, and Trusted Network condition attributes available to the RSA SecurID Authenticate Device Registration policy.
  • System Event Monitor for improved troubleshooting.
  • RSA SecurID Authentication API enhancements.
May 2018
  • Support for requiring device unlock before using the Approve method.
  • Ability for access policy to control which users can complete registration. 
  • Two-step user deletion supported for improved user management.
  • LDAPv3 account status synchronized to the Cloud Authentication Service.
  • Simplified planning and setup instructions in new Quick Setup Guides.
April 2018
  • Disabled or expired users automatically disabled in the Cloud Authentication Service after manual, scheduled, or just-in-time synchronization (Active Directory only).
  • Support for using the Cloud Administration Console to manually enable and disable users (applies to users from Active Directory and LDAPv3 directory servers).
  • RSA SecurID Authenticate 2.0.1 for Windows supports Approve and Device Biometrics authentication. To leverage native biometric authentication capabilities, Device Biometrics supports any Windows Hello signin option.
March 2018

Updates for RSA SecurID Authenticate 1.5.6 for iOS and RSA SecurID Authenticate 1.5.8 for Android include: 

  • To ensure that your users have a consistent and familiar experience and to leverage the native biometric authentication capabilities of mobile devices, Eyeprint ID has been removed from the apps.
  • Face ID supported for Device Biometrics authentication, along with Touch ID and Android fingerprint.

Archive

Release notes prior to March 2018.

 

RSA Authentication Manager

ReleaseWhat's New
Version 8.4
  • Obtain the Azure virtual appliance from the Azure Marketplace
  • Easier access to RSA SecurID-protected resources for multifactor authentication users
  • Major platform upgrades to enhance security, including upgrades to FIPS compliance
  • Ability to delete a console or virtual host certificate
  • Upgrade path from version 8.3
Version 8.3
  • Amazon Web Services deployment
  • Token distribution and management enhancements
  • Agent reporting enhancements
  • Authentication Manager Bulk Administration (AMBA) utility integrated into Authentication Manager for Enterprise Server license customers.
  • Upgrade path from version 8.2 SP1
Version 8.2 SP1
  • Cloud Authentication Service users can access on-premise resources protected by SecurID agents.
  • Remotely restore original system settings to an RSA SecurID Appliance 250 hardware appliance
  • Numerous additional improvements 
  • Upgrade path from version 8.2
Version 8.2

Includes support for:

  • Upgrade path from version 8.1 SP1 with or without patches. Direct migration from version 6.1 or 7.1 is not supported.
  • Ability to create a custom token expiry notification that calculates when tokens must be ordered based on the number of tokens available, the number of tokens that are assigned, and the number of tokens that are expiring within a specified time.
  • IPv6 addresses for RADIUS clients.
  • Extending the lifetime of a distributed software token that has expired or will expire soon.
  • Ability to display a custom logon banner before users log on to the Operations Console, the Security Console, the Self-Service Console, or the appliance operating system with a Secure Shell (SSH) client. 
  • “FIPS-inside” by including FIPS-compliant cryptographic library module RSA BSAFE® Crypto-J 6.1 (NIST Certificate # 2058).
  • Internal SHA-256 certificates for communication between components, such as primary and replica instances and the web tier. 
  • The Transport Layer Security (TLS) 1.2 cryptographic protocol for secure network communications. 
  • Integration with RSA Via Access (now the Cloud Authentication Service), a cloud-based authentication service. 
  • On the virtual appliance, uploading an Evaluation License during Quick Setup automatically creates 25 temporary software tokens that expire after 6 months.
  • The Hyper-V virtual appliance on a Microsoft Windows 2012 host machine and a Microsoft Windows 2012 R2 host machine.
  • The Authentication Manager Bulk Administration (AMBA) utility automates administrative operations for large new token deployments or token replacements, and simplifies the bulk administration of users, user groups, tokens, and agents.
  • Additional trusted realm support.
  • Use of nonstandard email domains.
  • List user group membership in reports.
  • Qualified on VMware ESXi 5.5 and 6.0.
  • OpenLDAP qualified to run as an external identity source.
  • Authentication Manager Bulk Administration (AMBA) utility added to the Extras kit.
  • A downloadable ISO file provides a method for restoring a hardware appliance.

Factory Reset is no longer supported.

Version 8.1 SP1
  • Hyper-V virtual appliance support.
  • Support for SUSE Linux Enterprise Server (SLES) 11 Service Pack 3 with a fully patched SP 2 kernel.
  • Support for Web tiers on Microsoft Windows Server 2012 R2
  • When you deploy dynamic seed provisioning, you can choose to distribute a CT-KIP URL and activation code encapsulated in a QR Code.
  • Active Directory in Windows Server 2012 R2 has been qualified to run as an external identity source with RSA Authentication Manager 8.1 SP1.
  • Security enhancements and fixes.
  • Software fixes in the cumulative Patch 5 for version 8.1.
  • Additional appliance platform support.

Version 8.1 SP1 is pre-installed on the Hyper-V virtual appliance.

Version 8.1 is pre-installed on the VMware virtual appliance and the hardware appliance.

Version 8.1

Includes support for:

  • Upgrade path from RSA Authentication Manager 8.0 with or without patches.
  • A hardware appliance and a virtual appliance.
  • Factory reset.
  • Ability to upgrade RSA SecurID Appliance 3.0 (SP 4 or later) to RSA Authentication Manager 8.1 on the Dell PowerEdge R210, R210XL, R710, or the R710XL.
  • Ability to configure an additional network interface card (NIC).
  • Promoting a replica instance while the original primary instance is  and functioning.
  • New report templates.
  • Unrestricted agent access using an alias.
  • Quick Setup Access Code.
  • BlackBerry 10.

 

Authentication Agents

ReleaseWhat's New
Version 2.0 Microsoft AD FS

Includes support for:

  • Authentication using RSA Authentication Manager and the Cloud Authentication Service 
  • Reporting
  • FIPS environment
  • Data collection used to establish a level of identity confidence for a user.
  • Coexistence with ADFS Agent Version 1.0.2
Version 1.0.2 Microsoft AD FS

Includes support for:

  • Microsoft AD FS 2016 in Windows Server 2016.
  • Transport Layer Security (TLS) 1.2 when registering the AD FS Agent with RSA Authentication Manager 8.2.
Version 8.0.2 for Web for ApacheIncludes security fixes and other software updates.
Version 8.0.1 for Web for Apache

Includes support for:

  • Apache Web Server version 2.2.x and Apache Web Server version 2.4.x on Red Hat Enterprise Linux 6.6 (32-bit and 64-bit) and Red Hat Enterprise Linux 7.1.x (64-bit only).
  • Event, prefork, and worker mode on Apache Web Server 2.2.x and Apache Web Server 2.4.x.
  • TCP/IP and IPv6
Version 7.1.4 for Web for ApacheIncludes bug fixes and support for Apache Web Server 2.2 with Red Hat Enterprise Linux 6, 32-bit and 64-bit.
Version 7.3.3 for Microsoft Windows

Includes support for:

  • Multiple Remote Desktop applications, in addition to Microsoft’s “Remote Desktop Connection”.
  • Ability to configure the RSA Credential Provider credential tile to use the standard Windows image for Windows 7 and Server 2008.
Version 7.3.2 for Microsoft Windows
  • Supports Windows Server 2016.
  • Accepts credentials from remote applications such as Citrix® XenApp® and Microsoft Remote Desktop Connection. Users who are not required to authenticate with RSA SecurID do not need to enter credentials twice when using those applications.
  • Bug fixes.
Version 7.3.1 for Microsoft Windows
  • Includes GPO template files in .admx/.adml format, which is required when importing files to the group policy Central Store.
  • Bug fixes.
Version 8.1 for PAM
  • In Cloud Authentication Service mode, users can authenticate using the SMS Tokencode and Voice Tokencode authentication methods.
  • Updated operating system version support:
    • RHEL 6.10 (32-bit and 64-bit) and RHEL 7.5 (64-bit)
    • CentOS Linux 7.5 (64-bit)
    • Oracle Linux 6.10 (64-bit) and Oracle Linux 7.5 (64-bit)
    • SUSE Linux Enterprise Server 11 SP4 (32-bit and 64-bit), SUSE Linux Enterprise Server 12 SP3 (64-bit), and SUSE Linux Enterprise Server 15 (64-bit)
    • Solaris SPARC 10.5 (32-bit and 64-bit) with Zones and Solaris SPARC 11.2 (32-bit and 64-bit)
    • Solaris x86 10.5 Update 11 (32-bit) and Solaris x86 11.2 (32-bit)
    • AIX 7.1 TL3 (SP5) Power 6 (32-bit and 64-bit) and AIX 7.2 TL1 (SP2) Power 8 (32-bit and 64-bit)
Version 8.0 for PAM
  • Ability to authenticate to the Cloud Authentication Service (in REST mode) or RSA Authentication Manager (in REST mode or UDP mode).
  • In REST mode, the PAM agent can send additional information to RSA Authentication Manager for agent reporting.
  • Version 8.0 includes RSA SecurID Authentication Agent 7.1 for PAM features, such as support for SELinux, support for Exponential Backoff, and an option for a silent, unattended installation.
  • Support for the following operating systems:
    • AIX 7.1 TL3 (SP5) Power 6: 32-bit and 64-bit and AIX 7.2 TL1 (SP2) Power 8: 32-bit and 64-bit 
    • RHEL 6.8: 32-bit and 64-bit, RHEL 7.1: 64-bit and RHEL 7.3 64-bit 
    • Oracle Linux 6.8 64-bit and Oracle Linux 7.3 64-bit 
    • Solaris SPARC 10 (32-bit and 64-bit), for which RSA recommends Update 8 or later, Solaris SPARC 10.5 (32-bit and 64-bit) with Zones, Solaris SPARC 11.2 (32-bit and 64-bit), Solaris x86 10.5 Update 11 (32-bit), and Solaris x86 11.2 (32-bit) 
    • SUSE Enterprise Linux Server version 11 SP3 or later (32-bit and 64-bit) and SUSE Enterprise Linux Server version 12 (64-bit)
Version 7.1.0 Patch 2 for PAM

Includes support for:

  • Red Hat Linux 7.3
  • Oracle Linux 6.8 64-bit and 7.3 64-bit
  • IBM AIX 7.1 64-bit and 7.2 32-bit and 64-bit
  • Silent Installation
Version 7.1 for PAM

Includes support for:

  • SELinux on RHEL
  • Exponential Backoff
Version 7.0.2 Patch 1 for PAM

Supports Exponential Backoff.

Version 1.5 for Citrix Storefront
  • Supports Citrix StoreFront version 3.12 and 3.13.
  • The process to configure RSA SecurID authentication in the Citrix Storefront Management Console has been updated for Citrix StoreFront version 3.12 and 3.13.
Version 1.0.2 for Citrix StorefrontProvides RSA SecurID and RSA Authentication Manager Risk-Based Authentication (RBA) for authenticating users inside and outside of the corporate firewall.
Version 8.0.2 for Web for IIS
  • Security fixes and other software updates.
  • Supports Windows Server 2016, Internet Information Services 10, and Outlook Web App on Windows Server 2016 (64-bit only).
Version 8.0.1 for Web for IIS

Includes support for:

  • Microsoft Exchange Server 2016 and Microsoft SharePoint Server 2013 SP1 on Windows 2008 R2 SP1 with IIS 7.5.
  • Back-end SharePoint Web App Servers.
  • Expanded wildcard support for long-term persistent cookie URLs.
  • Idle timeout support for persistent cookies.
  • SharePoint sign out command deletes all session cookies and persistent cookies
  • Ability to disable the RSA Response Interceptor Module.
SDK 8.6 for C 

Includes support for:

  • FIPS
  • New APIs for TCP
  • Additional Windows and Linux platforms
  • Direct migration from the SDK 8.1 and SDK 8.5
  • Backward compatibility
  • IPv6 
SDK 8.6 for Java

Includes support for:

  • FIPS 
  • New Java methods
  • LINUX and Windows
  • Direct migration from the SDK 8.1 and 8.5
  • IPv6 
API 8.5.1 for CBug fixes.
API 8.5 for C

Includes support for:

  • IPv6
  • Backward compatibility
  • Improved cryptography
  • New agent-server trust model
  • Synchronous calls for asynchronous calls
  • Round-robin load balancing
API 8.5 for Java

Includes support for:

  • IPv6 
  • Backward compatibility
  • Improved cryptography
  • New agent-server trust model
  • New agent management
  • Round-robin load balancing

 

 

Token Authenticators

ReleaseWhat's New
RSA SecurID 800 Hardware Token Registry UpdateBug fixes.
RSA SecurID Software Token 2.4.0 for AndroidBug fixes.
RSA SecurID SDK 2.4.0 for Android
  • The file jcmandroidfips.raw was added.
  • The file jcm.jar was removed.
RSA SecurID Software Token 1.0 for Blackberry 10
  • Qualifies OS 10.3.x.
  • Supports BlackBerry OS version 10.2.0.1155 or later.
  • Bug fixes.
RSA SecurID Software Token 2.4.7 for iOSBug fixes.
RSA SecurID SDK 2.4.0 for iOSSupports two new instance methods, changeDataAccessMode and getDataAccessMode.
RSA SecurID Software Token 1.0 for Windows PhoneAllows users to install the SecurID Software Token application on the Windows Phone and access a tokencode (a random number that changes every 30 to 60 seconds) to log on to resources protected by RSA SecurID.
RSA SecurID Software Token 2.3 for Windows Mobile

Includes support for:

  • Windows Mobile 6.1
  • Dynamic Seed Provisioning
  • Fob-style software tokens
  • Additional customization options
RSA SecurID Software Token with Automation 4.1.2 for Windows and Mac OS X
  • Supports 64-bit Windows and Mac OS operating systems.
  • Allows 64-bit VPN applications to integrate with the 64-bit SecurID application.
RSA SecurID Software Token 4.1 (desktop application)

Includes support for:

  • Additional operating systems
  • SecurID integration with additional VPN client applications
  • Additional logon methods with VPN client applications
  • Device binding enhancements
  • Additional customization policies
  • Additional web browser plug-ins
  • Logging enhancements
  • Improvements for screen readers
  • Token provisioning enhancements
  • New installation options
  • RSA SecurID 800 authenticator with RSA Smart Card Middleware.
  • Resolved issues with RSA SecurID 800 authenticator
RSA SecurID Desktop Token 5.0.2 for Microsoft Windows

Changed location for the Device Name and Device Serial Number registry entries.

RSA SecurID Desktop token 5.0.1 for Microsoft Windows

When the application is installed in the default location on the local hard drive, then launching the application for the first time creates registry entries for the token storage device name and the device serial number.

RSA SecurID Software Token Converter 3.1You can convert an SDTID file to a QR Code for RSA SecurID Software Token 2.0 for iOS and apps built with the RSA SecurID SDK 2.0 for iOS.

 

 

Attachments

    Outcomes