Cloud Access Service Updates
The following subsections outline the new and enhanced features of the Cloud Access Service (CAS).
Granular Control for FIDO Authenticators
You can now precisely define which FIDO authenticators can be used for registration and authentication by enabling or disabling them based on various parameters. To define the FIDO authenticators, navigate to Cloud Administration Console > Access > FIDO Authentication.
Note: FIDO inline registration and registration of new U2F authenticators are no longer supported. Previously registered U2F authenticators can continue to be used for step-up authentication.
OAuth JWT Support
OAuth JWT support is now available to enhance the security of external identity source SCIM client connections to CAS. SCIM access can now be secured using OAuth-based authentication instead of legacy API keys, providing stronger protection and improved control over integrations. To configure this feature, navigate to Cloud Administration Console > Platform > API Access Management. To apply the configuration to a SCIM identity source, navigate to Cloud Administration Console > Users > Identity Sources.
API Enhancement: Additional User Identifier Support
The Cloud Administration Retrieve Device Registration Code API, Cloud Administration User Details API, and Cloud Administration Authenticator Details API Version 1 now support the username input parameter to identify the user being managed. This enhancement provides greater flexibility when integrating with systems that use usernames as the primary user identifier.
Identity Router (IDR) Portal SSO Enhancements
SAML applications available from CAS legacy IDR SSO portal now include the following security and usability improvements:
- The maximum character length for IDR SAML application names increased from 100 to 200 characters to make applications easier to identify.
- The LDAP/AD user search filter configured in each identity source can now be globally enabled in the IDR portal to exclude users from authenticating. The portal does not attempt password authentication against the identity source, preventing password strikes that could lock user accounts.
- SAML application configuration now supports attribute filters, allowing control over which user attributes are sent to each application and helping prevent over-granting of access permissions. You can configure these attribute filters on the Fulfillment tab while adding a SAML Direct application. To access this option, navigate to Cloud Administration Console > Applications > Application Catalog.
Access Discovery on My Page
My Page is now enhanced with access discovery, providing managers and application owners with a complete view of access across all accounts, including those outside the standard Lifecycle Management process. This enhancement eliminates critical security blind spots, enables proactive risk mitigation, and ensures accountability for every entitlement, regardless of how it was provisioned. To view this enhancement, navigate to My Page > Access Control.
Subscribe to status.securid.com for the Cloud Access Service Status Updates
For information about all service incidents and scheduled maintenance windows for the Cloud Access Service, subscribe to https://status.securid.com.
Third-Party Integrations from RSA Ready
The following integrations are completed or certified by RSA through the RSA Ready Technology Partner Program. For the complete catalog of Implementation Guides, see RSA Ready Integrations on the RSA Community.
- New Integrations for ID Plus
-
- CrowdStrike Falcon Next-Gen SIEM (Authentication Manager Logs)
- Microsoft Sentinel Connector
- Microsoft Sentinel using Logic App
- SilverFort Bridge (SAML)
- Updated Integrations for ID Plus
-
- BeyondTrust Password Safe (RADIUS)
- Palo Alto Captive Portal (SAML)
- Palo Alto Cloud Identity Engine (SAML)
- Palo Alto NGFW Global Protect (RADIUS, SAML)
- Workday (SAML)
Upcoming End of Primary Support (EOPS) Details
The following table provides details of the RSA products reaching the end of support within the next six months:
| Product | Version | EOPS Date | Extended Support Level 1/Level 2 |
|---|---|---|---|
| Authentication Agent for Web for IIS / Apache | 8.0.x | March 2026 | No |
| MFA Agent for Microsoft Windows | 2.3.1/ 2.3.2 | May 2026 | No |
| Authenticator for iOS & Android | 4.4 | June 2026 | No |
| RSA Authentication Manager | 8.7 SP1 | June 2026 | June 2027/ June 2028 |
Related Articles
RSA March 2025 Release Announcements Number of Views RSA March Release Announcements Number of Views RSA March 2024 Release Announcements Number of Views RSA February 2026 Release Announcements Number of Views RSA Governance & Lifecycle SSH Generic Connector Datasheet Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) How to install the jTDS JDBC driver on WildFly for use with Data Collections in RSA Identity Governance & Lifecycle RSA Authentication Manager 8.8 Setup and Configuration Guide Artifacts to gather in RSA Identity Governance & Lifecycle
