Multi-factor authentication is now available for the web pages or apps embedded in an iframe. To allow authentication for embedded iframe pages, administrators can add sites to the allowed domains list on theCompany Settingspage, underSessions & Authenticationtab, in theContent Securitysection. To make the embedded iframe pages more secure, administrators need to provide HTTPs based URLs.
Track Usage Information in the Cloud Authentication Service
The Cloud Authentication Service dashboard has been updated with the count of active end users who either have a registered authenticator or who authenticated successfully in the last six months to gain a deeper insight about the actual number of users authorized to use the Cloud Authentication Service. In addition, the “All Users” report has been enhanced with Active User License Used, Registered Credential, Active Users in last 6 months, and Local User columns to better track the actual number of users using the Cloud Authentication Service.
Cloud Authentication Service as Authorization Server for Generic OIDC Relying Party
Cloud Authentication Service can act as the authorization server for a generic OpenID Connect (OIDC) relying party application. Administrators can configure this in the Cloud Administration Console underAuthentication Client>Relying Parties.
Step-Up Authentication with QR Code is Available!
The Cloud Authentication Service now supports a new step-up authentication method: QR code. To use this new authentication method, open the Cloud Administration Console, selectAccess>Assurance Levelspage, and clickAddin the required level. Using this authentication method will require downloading SecurID Authenticator app V4.2 for iOS and Android, scheduled for release by end January 2023. Support for QR code as a primary authentication method will be added in a future release.
Lockout Push Notifications for Authentication Methods
In the Cloud Administration Console, the existing settings controlling authentication method lockout have been extended to cover Approve and Device Biometric authentication methods. In accordance with these settings, the Cloud Authentication Service now automatically stops sending push notifications to users who deny a login request for a specified number of times. This is to avoid multi-factor authentication (MFA) fatigue attack.
Local User Support via RSA Unified Directory
Unified Directory is a new user identity store for the RSA Cloud Authentication Service that will enable full Cloud-only deployments in the future. RSA Unified Directory has the ability to create and store local users and their passwords using the open standard System for Cross-domain Identity Management (SCIM) API. Administrators can manage local users from the Cloud Administration Console. Users can manage themselves using the My Page self-service portal. Local user passwords are completely validated within the Cloud Authentication Service. This feature is currently available in limited release. If you are interested in RSA Unified Directory, contact your RSA Sales Representative.
RSA Authenticator 4.2.0 for iOS and Android - Coming Soon!
RSA Authenticator v4.2.0 for iOS and Android app enables users to migrate their credentials from the RSA Authenticate app to the RSA Authenticator app. When users first open the RSA Authenticator 4.2 app or register their credentials, they will be prompted to migrate their existing credentials from RSA Authenticate app to RSA Authenticator app.
QR code can be used as a step-up authentication method. If this method was enabled by their organizations, users will be able to authenticate to My Page by simply scanning the QR code with their registered Authenticator app.
SecurID Authenticator 5.1 for macOS - Coming Soon!
SecurID Authenticator 5.1 for macOS app will be enhanced with standardized terminologies to align and streamline with the other RSA products and the authentication industry.
Users will be able to migrate all their software tokens from the existing SecurID Software Token 4.2.3 app to the new SecurID Authenticator 5.1 for macOS. With this migration, users will be able to manage all their credentials within the new macOS Authenticator.
Users will be able to set their own device passwords in the SecurID Authenticator 5.1 for macOS to secure the operations performed on AM managed OTP, such as entering a PIN, renaming a software token, or deleting it.
SecurID Authenticator 5.1 for macOS app will support macOS Ventura, which was released on October 24, 2022.