Cloud Access Service Updates
The following subsections outline the new and enhanced features of the Cloud Access Service (CAS).
IP Address in User Event Monitor Logs
User Event Monitor logs now include the IP address for authentication events. In the User Event Monitor, REMOTE_IP is available in the authentication details for the following events:
- 20300 (error): Multifactor authentication failed to initiate.
- 20301 (notice): Multifactor authentication initiated.
Allow and Configure iShield Authenticators
You can allow or deny specific FIDO2 authenticators that users can register and use for authentication. Previously, iShield authenticators were always whitelisted and automatically allowed for authentication, and you could not manage it.
Swissbit iShield Key 2 is now available as a new authenticator option under Access > FIDO Authentication, where you can allow access and configure conditions.
Network Zone Replaces Trusted Network Attribute in Policies
As part of the condition attributes for access policies, the Trusted Network attribute is no longer available and has been replaced by the Network Zone attribute, which supports assigning one or more network zones. Your existing Trusted Network rules are now migrated to Network Zone attribute rules. Additionally, in the Cloud Administration Console, go to Access > Networks to manage Access Policy and IDR Network Zones. These network zones are no longer system defaults and can now be edited or deleted.
Use of Company-Specific URLs Required
As a follow-up to the November 2024 Release Announcement, non-company-specific URLs will soon be removed. You must update the affected service URLs immediately. For more information, see the Company-Specific Administrative URLs Update Instructions. You must use your designated company-specific URLs for all access, including API interactions, Authentication Manager (AM) configurations, SCIM configurations, or redirected URLs from identity providers (IdPs). Access through non-company specific URLs is not yet blocked; however, when it is blocked, it may result in loss of functionality (for example, https://access.securid.com or https://na2.access.securid.com ).
To ensure uninterrupted access, you should promptly verify that all connectivity is routed through the appropriate company-specific URLs and update their configurations as needed. If your Identity Router (IDR) software version is earlier than 12.22.0.0.32, you must Update Identity Router Software to the latest version to avoid any disruptions when non-company-specific URLs are deprecated.
Starting with the June 2025 release, a banner warning appears for 24 hours whenever a non-company-specific URL is used for the following:
- Logging in to the Cloud Administration Console via password or third-party IdP.
- Accessing the Cloud Administration REST APIs.
In addition, an audit event is logged once per day whenever a non-company-specific URL is used for third-party IdP login and Cloud Administration REST API. You can view this event from the Cloud Administration Console by navigating to Platform > Admin Event Viewer.
As part of the effort to deprecate non-company-specific URLs, the Software and Adapter Repository URLs used by IDRs will be updated to company-specific URLs starting with the June release. As a result, customers are advised to review their network configurations and ensure that the new URLs are whitelisted, if applicable.
Current URL format:
- Software Repo: https://public-apprepo-<tenantName>.<accessRegion>.securid.com
- Adapter Repo: https://public-connectorrepo-<tenantName>.<accessRegion>.securid.com
New URL format (to be whitelisted):
- Software Repo: https://companyName.{baseAccessDNSName}.securid.com
- Adapter Repo: https://companyName.{baseAccessDNSName}.securid.com
GOV Deployment
Current URL format:
- Software Repo: https://public-apprepo-<tenantName>.<accessRegion>.securidgov.com
- Adapter Repo: https://public-connectorrepo-<tenantName>.<accessRegion>.securidgov.com
New URL format (to be whitelisted):
- Software Repo: https://companyName.{baseAccessDNSName}.securidgov.com
- Adapter Repo: https://companyName.{baseAccessDNSName}.securidgov.com
A Status Monitor is already available to validate connectivity. If the status is healthy, no action will be required after the change.
You can verify this from the Cloud Administration Console by navigating to Platform > Identity Router and expanding the Identity Router section to view the status indicators. For more information, refer to this IDR Advisory.
Upcoming End of Primary Support (EOPS) Details
The following table provides details of the RSA products reaching the end of support within the next six months:
| Product | Version | EOPS Date | Extended Support Level 1/Level 2 |
|---|---|---|---|
| Authenticator for Windows |
6.2.2 |
May 2026 | |
| MFA Agent for Microsoft Windows | 2.3.1/ 2.3.2 | May 2026 | No |
| RSA Authentication Manager | 8.7 SP1 | June 2026 | June 2027/ June 2028 |
|
Authenticator for iOS & Android
|
4.4 |
June 2026 | |
|
4.5 |
October 2026 |
Identity Router (IDR) 12.25.0.0.X Now Available
The IDR 12.25.0.0.X release is now available. We recommend that all customers upgrade to this version.
Identity Router Update Schedule and Versions
Identity routers will be updated according to the following schedule. Downloading the new identity router image when you deploy new identity routers ensures that you benefit from the latest security improvements.
| Date | Description |
|---|---|
|
ANZ /CND / SGP: May 26, 2026 |
Updated identity router software is available to all customers. |
|
Default: Saturday, June 20, 2026 |
Default date when identity routers are scheduled to automatically update to the new version unless you modify the update schedule or update manually. |
|
Last: Saturday, July 18, 2026 |
If you have postponed the default date, this is the final day on which updates can be performed. |
|
Enforced: July 25, 2026 |
If the Identity Router (IDR) is not upgraded after the last permitted date for any reason, RSA will automatically initiate a mandatory upgrade seven days later. You will receive an email notification and a Cloud Administration Dashboard alert with the scheduled update date. |
Third-Party Integrations from RSA Ready
The following integrations are completed or certified by RSA through the RSA Ready Technology Partner Program. For the complete catalog of Implementation Guides, see RSA Ready Integrations on the RSA Community.
- New and Updated Integrations for ID Plus
- AWS Cognito (SAML)
- Citrix Workspace (SAML)
- Microsoft Sentinel High-Risk API
- Palo Alto Captive Portal (API)
- Salesforce Device Activation
Subscribe to status.securid.com for the Cloud Access Service Status Updates
For information about all service incidents and scheduled maintenance windows for the Cloud Access Service, subscribe to https://status.securid.com.
Related Articles
RSA May 2025 Release Announcements Number of Views RSA April 2026 Release Announcements Number of Views RSA March 2026 Release Announcements Number of Views RSA February 2026 Release Announcements Number of Views RSA Authentication Manager 8.9 Administrator's Guide Number of Views
Trending Articles
RSA Authentication Manager Upgrade Process RSA RADIUS Server service failed to start in the RSA Authentication Manager 8.1 Operations Console Reset the token PIN in the RSA Authentication Manager 8.x Self-Service Console when the existing PIN is forgotten RSA-2026-05: RSA Authentication Manager Security Update for Third-Party Component Vulnerabilities RSA Release Notes: Cloud Access Service and RSA Authenticators
