The following subsections provide the highlights of the new and enhanced features of Cloud Authentication Service (CAS).
Rebranding of My Page and the Cloud Administration Console
My Page and theCloud Administration Consolehave been rebranded from "SecurID" to "RSA". Both have been updated with the new RSA logo and colors. The following example screen shows the rebranded dashboard of theCloud Administration Console.
RSA My Page Single Sign-On (SSO) Is Now OpenID Connect Certified!
You can now protect access to your OpenID Connect (OIDC) based applications with the OpenID Connect certified connector of RSA My Page. For more information about OpenID Connect Certification, see the following links:
Rebranded Risk AI Dashboard and Adjustable Identity Confidence Threshold
In theCloud Administration Console, theIdentity Confidence Dashboardhas been rebranded as theRisk AI Dashboard. You can now modify the Identity Confidence Threshold value calculated by the Risk Engine. The effective threshold will be the sum of the dynamic threshold and the adjusted threshold values. In theRisk AI Dashboard, the “User Behavior Over Time" line graph reflects theEffective Thresholdin addition to theIdentity Confidence Scoreand theDynamic Calculated Threshold, indicating the contributing factors.
New Region-Based Domain Names for Identity Routers
New region-specific domain names have been added for primary and alternate regions as a part of a future plan to reduce the overall failover time. Therefore, you need to whitelist these new domain names if you are using name-based firewall rules so that in the future your identity routers can connect to the Cloud using these new region-specific domain names.
Note:The domain names used in other URLs (e.g., Cloud Administration Console, REST API URLs, or a URL that AM connects to) remain the same.
The identity routers have been enhanced to perform periodic connectivity checks to the Cloud using these new region-specific domain names, and the results are shown in the Cloud Administration Console. To check the connectivity statuses of the Software Update Service, the Adapter Update Service, and the Cloud Authentication Service Connection to the primary and alternate regions using these new domain names, navigate toPlatform>Identity Routersin the Cloud Administration Console.
Logout URL Support for All Primary Authentication Methods
TheLogout URLfield on the Cloud Administration Console > Access > My Page can now be configured irrespective of the selection made in the Primary Authentication Method. This was previously allowed only for the "Performed by Cloud Identity Provider" authentication method.
Upgraded log4j Libraries in the Cloud Administration REST API Download Version 2.7.3
The new SDK V2.7.3 upgraded the log4j dependency from 1.2.17 to 2.20.0 to address all the known log4j vulnerabilities in the previous releases, noting that the SDK is not using vulnerable log4j features.
Second Reminder: RSA Authenticator 4.3 for iOS and Android – Coming Soon with New Look and More!
RSA SDK 4.0 for iOS and Android will be released by the end of August. This release provides full database encryption. It supports data migration from SDK versions 3.0 and 3.1. In this release, the QR code authentication method is supported. This release also includes bug fixes.
Upcoming End of Primary Support (EOPS) Details
The following table provides details of the RSA products reaching the end of support within the next six months:
Extended Support Level 1/ Level 2
Authenticator for iOS
Authenticator for Android
Identity Router Update Schedule and Versions
This release includes miscellaneous identity router improvements. Identity routers will be updated according to the following schedule.
AU: 08/28/2023 EU / IN: 08/30/2023 NA: 08/31/2023 Gov: 08/31/2023
Updated identity router software is available to all customers.
Default date when identity routers are scheduled to automatically update to the new version unless you modify the update schedule or update manually.
If you postponed the default date, this is the last day when updates can be performed.