August 2025 - Cloud Access Service
Critical Notices
The following urgent notices relate to mandatory upgrades and important changes within the RSA environment. Immediate action is required to prevent potential service disruptions.
Mandatory Upgrade Required by October 6, 2025
Following Google's decision to stop recognizing Entrust as a trusted Certificate Authority (CA), RSA must transition to an alternative CA beginning the week of October 06, 2025. To ensure continued functionality, you must update or upgrade the necessary on-premises RSA components prior to this date. Failure to complete the required updates may result in significant service disruptions.
Refer to the following advisories for details on upgrading the components:
Infinispan Upgrade in Identity Router (IDR) 12.23.0.0.X Requires Cluster-Wide Version Consistency
Note: This upgrade applies to proxied applications on the IDR SSO Portal that store your credentials.
The upcoming Identity Router (IDR) 12.23.0.0.X release, as outlined in the Identity Router Update Schedule and Versions table, includes a critical Infinispan upgrade. During the upgrade process, if IDRs within a cluster are running different versions, they will continue to serve requests; however, keychain synchronization may be temporarily impacted. These functions will automatically resume once all IDRs in the cluster have been upgraded to the same version. Before performing an in-place upgrade, RSA strongly recommends creating a snapshot of the virtual machine for VMware and Hyper-V-based routers, or of the storage volume for AWS-based routers to ensure recovery options are available if needed.
Notes:
-
All IDRs in a cluster must run the same version to prevent replication disruptions.
-
If you plan to add a new IDR using the 12.23.0.0.X template while other IDRs in the cluster are still on 12.22.0.0.X, you must first upgrade all existing IDRs to version 12.23.0.0.X before introducing the new node.
-
Backup files created with earlier versions will not be restorable after upgrading to 12.23.0.0.X.
-
RSA strongly recommends creating new backups immediately after completing the upgrade.
-
Keychain replication does not apply to Embedded IDRs, as they do not support the IDR SSO Portal. Therefore, this update does not apply to AM Embedded IDRs.
-
Backups apply specifically to the HTTP Federation (Fed) application in the IDR SSO Portal.
This action is essential to maintain cluster stability, ensure successful replication, and avoid potential service issues.
Identity Router Update Schedule and Versions
Identity routers will be updated according to the following schedule. Downloading the new identity router image when you deploy new identity routers ensures that you benefit from the latest security improvements.
| Date | Description |
|---|---|
|
EU/ ANZ/ JP/ CA/ GS: September 2, 2025 US/ FedRamp Gov/ IN: September 3, 2025 | Updated identity router software is available to all customers. |
| Default: Saturday, October 25, 2025 | Default date when identity routers are scheduled to automatically update to the new version unless you modify the update schedule or update manually. |
| Last: Saturday, November 15, 2025 |
If you postponed the default date, this is the last day when updates can be performed. |
Use of Company-Specific URLs Required
As a follow-up to the November 2024 Release Announcement, non-company-specific URLs will soon be removed. Please update the affected service URLs immediately. For more information, see transition guide here: Company-Specific Administrative URLs Update Instructions. Administrators must use their designated company-specific URLs for all access, including API interactions, AM configurations, SCIM configurations, or redirected URLs from identity providers (IdPs).The access through the non-company specific URL is not yet blocked. It will be blocked potentially resulting in a loss of functionality (for example, https://access.securid.com or https://na2.access.securid.com ). To ensure uninterrupted access, administrators should promptly verify that all connectivity is routed through the appropriate company-specific URLs and update their configurations as needed. If your Identity Router (IDR) software version is earlier than 12.22.0.0.32, you must upgrade your IDR to 12.22.0.0.32 or later to avoid any disruptions when non-company-specific URLs are deprecated.
Starting with the June release, a banner warning appears for 24 hours whenever a non-company-specific URL is used for the following:
- Log in to the Admin Console via password or third-party IDP.
- Access the Admin REST APIs.
In addition, an audit event is logged once per day whenever a non-company-specific URL is used for third-party IDP login and Admin API access. You can view this event in the Admin Event Viewer.
Subscribe to status.securid.com for the Cloud Access Service Status Updates
For information about all service incidents and scheduled maintenance windows for the Cloud Authentication Service, subscribe to https://status.securid.com.
Cloud Access Service Updates
The following subsections outline the new and enhanced features of the Cloud Access Service (CAS).
Improved Support for SAML Certificate Rotation
You can now load up to two SAML signing certificates per application in CAS, ensuring seamless transitions when certificates expire. CAS automatically switches to the other certificate, maintaining secure and uninterrupted access for your applications. Managing certificates is now easier through the Cloud Administration Console, where you can view, import, and update them. This feature is available for both My Page SSO and Relying Party applications.
- To use this feature for an SSO application, navigate to Cloud Administration Console > Applications > Application Catalog / My Applications, select a SAML application, and on the Connection Profile page, upload certificate from the Message Protection section.
- To use this feature for a Relying Party application, navigate to Cloud Administration Console > Authentication Clients > Relying Parties, select an application, and on the Connection Profile page, upload certificate from the Message Protection section.
Copy SAML Metadata URL
You can now copy the SAML metadata URL directly from your configured applications, making it faster to share metadata with services that require a direct URL instead of uploading files. This enhancement simplifies your SAML setup process and saves time. This feature is available for both My Page SSO and Relying Party applications.
- To access this feature for an SSO application, go to Cloud Administration Console > Applications > My Applications, select a configured SAML SSO application, and from the dropdown, select Copy Metadata URL.
- To access this feature for a Relying Party application, navigate to Cloud Administration Console > Authentication Clients > Relying Parties, select a configured SAML Relying Party application, and from the dropdown, select Copy Metadata URL.
RSA SDK for iOS and Android Patch Release - Now Available
-
Updated certificates (required for secure communication with Cloud Access Service from the week commencing October 06, 2025)
-
Enhanced Android SDK support for multiple binding methods, enabling organizations to deploy several custom applications with greater flexibility
RSA SecurID Access Admin REST API 2.8.0 - Now Available
RSA SecurID Access Admin REST API version 2.8.0 is now available with the updates on OAuth API access support. You can download the updated API package from the ID Plus Admin REST API Download page.
Upcoming End of Primary Support (EOPS) Details
The following table provides details of the RSA products reaching the end of support within the next six months:
| Product | Version | EOPS Date | Extended Support Level 1/Level 2 |
|---|---|---|---|
| MFA Agent for Microsoft Windows | 2.3 | October 2025 | No |
Related Articles
RSA November 2024 Release Announcements Number of Views RSA November 2025 Release Announcements Number of Views RSA July 2025 Release Announcements Number of Views RSA Authentication Manager 8.2 SP1 Bulk Administration 1.6.0 Custom Application Guide (AMBA) Number of Views RSA Authentication Manager 8.2 Bulk Administration 1.6.0 Custom Application Guide (AMBA) Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
