In the Cloud Administration Console, administrators can now add, edit, or delete local identity sources. Administrators can add users to local identity sources through the "Add User" option in the Cloud Administration Console (From Users > Management), CSV file upload, or via the SCIM API.
The Cloud Authentication Service supports importing new local users using CSV file upload. In the Cloud Administration Console, administrators can now upload a CSV file to import new users. This option is only available for local identity sources within the Unified Directory.
Using My Page single sign-on (SSO), administrators can now secure AWS workspace with the identity provider (IdP) initiated SSO SAML support. In the Cloud Administration Console, you can set the optional “Default Relay State.” If a SAML request message contains dynamic Relay State data, then the SAML responder will return its SAML protocol response using a binding that also supports a dynamic Relay State mechanism. If there is no Relay State in an IdP-initiated request, the default Relay State will return in the SAML response.
To secure login to the Epic Hyperdrive, a new "cloudconfigs" API has been added to return additional cloud configurations related to the Epic Hyperdrive to support it during multi-factor authentication (MFA) proxy requests from Epic Hyperdrive agents.
The validation rules of the RADIUS Name and Description fields have been modified to match the configurations used for Authentication Manager. When you add a RADIUS client, the Name field can now contain spaces and dots, and the length of the Description field has been increased to 255 characters.
The Cloud Authentication Service now tracks which authentication method(s) a user has used instead of which assurance levels were met to access a protected resource. The Event Monitor logs will now help you to monitor the log events when users are automatically allowed access to an app based on the used authentication methods.
The following table lists the ciphers for incoming and outgoing connections that will be removed or renamed in the Cloud Authentication Service June 2023 release. These ciphers were not working in the previous releases, and hence these are removed or renamed. If you find these ciphers configured, update (remove or rename) them based on the following table. The cipher update will not affect the environment since other working ciphers were configured.
|RSA-AES128-SHA256||Outgoing||Renamed to AES128-SHA256|
|RSA-AES128-SHA||Outgoing||Renamed to AES128-SHA|
RSA Authentication Agent 7.4.6 includes display message corrections in language packs.
This release includes miscellaneous identity router improvements. Identity routers will be updated according to the following schedule.
EU / IN: 5/4/2023
|Updated identity router software is available to all customers.|
|05/27/2023||Default date when identity routers are scheduled to automatically update to the new version unless you modify the update schedule or update manually.|
If you postponed the default date, this is the last day when updates can be performed.
Note: Downloading the new identity router image when you deploy new identity routers ensures that you benefit from the latest security improvements.
The new identity router software versions are:
|Amazon Cloud||RSA_Identity_Router 126.96.36.199|
My Page logon screen will be enhanced to include User ID and Password fields on the same screen for a faster authentication.
My Page can be customized to include company logo, icons, color, background image, and text that is specific to your organization and meaningful to your user audience.
My Page customizations will be applied to all authentication screens and flows for a uniform experience.
Customization option is available only for ID Plus E2 and E3 subscriptions.
The following integrations were recently completed or certified by RSA through the RSA Ready Technology Partner Program. For Implementation Guides, see SecurID Integrations on the RSA Community.