Cloud Access Service Updates
The following subsections outline the new and enhanced features of the Cloud Access Service (CAS).
Expanded HOTP Hardware Authenticator Support
Support for HOTP hardware authenticators now includes devices seeded with SHA-256 or SHA-512, in addition to SHA-1. This enhancement increases compatibility with a wider range of authenticator models, including Thales SafeNet eToken PASS, SafeNet OTP 111, and SafeNet OTP 112. It also provides greater flexibility when selecting and deploying hardware authentication options while maintaining a secure, seamless sign-in experience.
RSA Cloud Access Service Now Supports FIDO Discoverable Credentials
Users no longer need to enter a user ID during authentication with FIDO2 discoverable credentials. This reduces the number of steps required and simplifies the overall sign-in experience, enabling faster, more intuitive, and more secure access to protected resources.
Improved Identity Router (IDR) Connectivity with MFA/ REST Agent
The TCP agent in IDR is replaced with an MFA/REST agent, moving to a standardized REST/MFA architecture. This transition simplifies support, logging, metrics, and troubleshooting, while making upgrades and agent replacement easier. Standardizing the communication protocol across components also improves consistency, resulting in a more reliable and maintainable deployment experience. To apply this update, navigate to the Cloud Administration Console > Platform > Authentication Manager, then click Configure Connection.
Note: This migration is available if you have an existing TCP connection and the Identity Router (IDR) is upgraded to 12.24.0.0.10.
Subscribe to status.securid.com for the Cloud Access Service Status Updates
For information about all service incidents and scheduled maintenance windows for the Cloud Access Service, subscribe to https://status.securid.com.
Coming Soon - (March Release)
RSA MFA Agent for UNIX 9.1 (Formerly RSA MFA Agent for PAM)
The RSA MFA Agent for PAM is now renamed RSA MFA Agent for UNIX to align with the naming conventions used across other RSA agents, such as RSA MFA Agent for Windows and RSA MFA Agent for macOS. This update improves consistency across platforms, making it easier to identify, deploy, and manage RSA MFA agents in various operating system environments.
The RSA MFA Agent for UNIX 9.1 includes the following features (Linux OS only):
- A consistent, secure, and simplified passwordless sign-in experience using one-time passwords (OTP) and emergency access codes.
- Passwordless authentication using mobile passkeys and biometric push notifications through the RSA Authenticator app for iOS and Android, in combination with the RSA MFA Agent for UNIX.
- Support for TLS 1.3 when connecting to CAS, providing faster connections and stronger protection against modern security threats.
- Code matching mode support for both Approve and Biometric push notifications, enhancing the verification process and reducing the risk of unauthorized access.
RSA MFA Agent 2.5 for Windows
- Native offline QR code–based passwordless authentication will enable users to authenticate without network connectivity or OTP entry.
- This requires RSA Authenticator 4.7 for iOS and Android.
- Support for Passwordless authentication methods in Authentication Manager (AM)/CAS Hybrid mode.
- This requires RSA Authentication Manager 8.9.
- Configurable proximity check will strengthen passwordless authentication by adding an extra layer of security, ensuring access is granted only when the authenticator is activated near the device.
- This requires RSA Authenticator 4.7 for iOS and Android.
- The RSA MFA Agent for Windows now supports TLS 1.3 when communicating with RSA CAS or RSA Authentication Manager, enhancing overall security.
- Users can sign in securely without passwords by using one-time password (OTP) both online and offline, streamlining the authentication experience.
RSA Authenticator 4.7 for iOS and Android
- Redesigned notification experience providing users with more consistent and clearer presentation of information.
- Improved security by requiring biometric or device password authentication when registering new Cloud credentials.
- This only applies to Cloud credentials, not to AM-based credentials. For further details, see Coming Soon: RSA Authenticator 4.7 for iOS and Android.
- Proximity detection and offline QR code authentication support for passwordless methods with new versions of RSA Agents, such as RSA MFA Agent 2.5 for Windows.
- Location information in notifications.
Updates to FIDO and U2F Authentication Support
As part of the ongoing process to strengthen and simplify FIDO support, RSA is making the following changes:
- Users can no longer register new FIDO Universal 2nd Factor (U2F) authenticators. Existing U2F authenticators will continue to be supported for step-up authentication.
- U2F authenticators cannot be used for passwordless authentication.
- Online FIDO2 registration during login is no longer supported. FIDO2 Authenticators can now only be registered though My Page.
Related Articles
RSA February 2024 Release Announcements Number of Views RSA February Release Announcements Number of Views RSA February 2025 Release Announcements Number of Views RSA June 2025 Release Announcements Number of Views RSA March 2024 Release Announcements Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) How to install the jTDS JDBC driver on WildFly for use with Data Collections in RSA Identity Governance & Lifecycle RSA Authentication Manager 8.8 Setup and Configuration Guide Artifacts to gather in RSA Identity Governance & Lifecycle
