Improved integration options for customers with SAML-based applications who cannot use the SAML Authentication Context attribute to assign an access policy based on a condition such as the user group and/or resource being accessed.
Secure sign-in to the Cloud Administration Console through federation by extending the identity provider (IdP).
Identity router update includes miscellaneous improvements.
The RSA Cloud Administration APIs support FIDO. You can enable commercial and custom applications to enroll FIDO Tokens leveraging these APIs in addition to using RSA SecurID Access for FIDO-based authentication.
RSA SecurID Access Application Portal has been redesigned with the same modern look-and-feel that users already see in the web authentication and My Page screens.
If your Cloud Authentication Service deployment was integrated with RSA Authentication Manager and it allows users with RSA SecurID Tokens to access cloud-protected resources, you can now delete unused connections.
Cloud Administration Retrieve License Usage API allows administrators to access the number of MFA licenses used, the number of users with third-party FIDO authenticators, and the total number of SMS and Voice Tokencodes sent for the current month.
RSA SecurID Authenticate 3.5 app for iOS and Android contains miscellaneous fixes and improvements.
The app includes Authenticate Key, a FIDO-based authenticator that can be used for primary and additional authentication. This is a Technical Preview feature that is disabled by default. If you are interested in enabling this feature, contact RSA.
Most access policy attributes that were previously available only to customers with Premium Edition are now available to all customers with Enterprise Edition.
RSA SecurID Access Threat Aware Authentication now supports additional customer scenarios in the Cloud Administration of High-Risk User API version 2.
Data collection for identity confidence and location can now be disabled and re-enabled from the Cloud Administration Console.
If you previously disabled identity confidence data collection on the identity router with the assistance of RSA Customer Support, you must now use the Cloud Administration Console to disable this function.
All of the preconfigured access policies provided with RSA SecurID Access can now be edited for immediate customization.
Use the Cloud Administration Delete User Now API to delete a single disabled user from the Cloud Authentication Service and immediately remove all information and devices associated with the user.
Six new videos demonstrate how to configure the Cloud Authentication Service.
The Cloud Authentication Service supports Windows Hello and Android phone as FIDO authenticators.
Terminology is changing in the Cloud Administration Console and product documentation to address authenticators that are not necessarily devices.
A new user identifier, Alternate Username, is available as an identity source attribute. Customers with relying parties such as Azure Active Directory can use any attribute, such as UPN, that is suitable for use as the SecurID Access username.
A new API allows users to securely register their devices within custom help desk and self-service portals. The API generates one-time device registration codes.
The Cloud Authentication Service is now a FIDO2 Certified Server. The certification demonstrates compliance with the FIDO specification and ensures compatibility with any FIDO-certified security key.
A password is now required to protect the Issuer Signing Certificate file (.pfx) when you install the Integrated Windows Authentication (IWA) Connector. RSA recommends that you install the latest version of the Connector (1.6) with the certificate file password.
The schedule for planned changes to the Cloud Authentication Service IP addresses is posted in the Release Notes.
(Patch 4) New features in RSA Authentication Manager 8.4 Patch 4 make it easier than ever for you to adopt modern multifactor authentication from RSA with minimal infrastructure updates to your deployment.
Obtain the Azure virtual appliance from the Azure Marketplace
Easier access to RSA SecurID-protected resources for multifactor authentication users
Major platform upgrades to enhance security, including upgrades to FIPS compliance
Ability to delete a console or virtual host certificate
Upgrade path from version 8.1 SP1 with or without patches. Direct migration from version 6.1 or 7.1 is not supported.
Ability to create a custom token expiry notification that calculates when tokens must be ordered based on the number of tokens available, the number of tokens that are assigned, and the number of tokens that are expiring within a specified time.
IPv6 addresses for RADIUS clients.
Extending the lifetime of a distributed software token that has expired or will expire soon.
Ability to display a custom logon banner before users log on to the Operations Console, the Security Console, the Self-Service Console, or the appliance operating system with a Secure Shell (SSH) client.
“FIPS-inside” by including FIPS-compliant cryptographic library module RSA BSAFE® Crypto-J 6.1 (NIST Certificate # 2058).
Internal SHA-256 certificates for communication between components, such as primary and replica instances and the web tier.
The Transport Layer Security (TLS) 1.2 cryptographic protocol for secure network communications.
Integration with RSA Via Access (now the Cloud Authentication Service), a cloud-based authentication service.
On the virtual appliance, uploading an Evaluation License during Quick Setup automatically creates 25 temporary software tokens that expire after 6 months.
The Hyper-V virtual appliance on a Microsoft Windows 2012 host machine and a Microsoft Windows 2012 R2 host machine.
The Authentication Manager Bulk Administration (AMBA) utility automates administrative operations for large new token deployments or token replacements, and simplifies the bulk administration of users, user groups, tokens, and agents.
Additional trusted realm support.
Use of nonstandard email domains.
List user group membership in reports.
Qualified on VMware ESXi 5.5 and 6.0.
OpenLDAP qualified to run as an external identity source.
Authentication Manager Bulk Administration (AMBA) utility added to the Extras kit.
A downloadable ISO file provides a method for restoring a hardware appliance.
Accepts credentials from remote applications such as Citrix® XenApp® and Microsoft Remote Desktop Connection. Users who are not required to authenticate with RSA SecurID do not need to enter credentials twice when using those applications.
Ability to configure case-sensitivity for user names when determining challenge group membership. By default, user names are case-sensitive. You can configure the PAM agent to not consider case. Adds Ubuntu 18.04 (64-bit) and Ubuntu 20.04 (64-bit) support.
Ability to authenticate to the Cloud Authentication Service (in REST mode) or RSA Authentication Manager (in REST mode or UDP mode).
In REST mode, the PAM agent can send additional information to RSA Authentication Manager for agent reporting.
Version 8.0 includes RSA SecurID Authentication Agent 7.1 for PAM features, such as support for SELinux, support for Exponential Backoff, and an option for a silent, unattended installation.
Support for the following operating systems:
AIX 7.1 TL3 (SP5) Power 6: 32-bit and 64-bit and AIX 7.2 TL1 (SP2) Power 8: 32-bit and 64-bit
RHEL 6.8: 32-bit and 64-bit, RHEL 7.1: 64-bit, and RHEL 7.3: 64-bit
Oracle Linux 6.8 64-bit and Oracle Linux 7.3 64-bit
Solaris SPARC 10 (32-bit and 64-bit), for which RSA recommends Update 8 or later, Solaris SPARC 10.5 (32-bit and 64-bit) with Zones, Solaris SPARC 11.2 (32-bit and 64-bit), Solaris x86 10.5 Update 11 (32-bit), and Solaris x86 11.2 (32-bit)
SUSE Enterprise Linux Server version 11 SP3 or later (32-bit and 64-bit) and SUSE Enterprise Linux Server version 12 (64-bit)
Allows users to install the SecurID Software Token application on the Windows Phone and access a tokencode (a random number that changes every 30 to 60 seconds) to log on to resources protected by RSA SecurID.
When the application is installed in the default location on the local hard drive, launching it for the first time creates registry entries for the token storage device name and the device serial number.