Improved integration options for customers with SAML-based applications who cannot use the SAML Authentication Context attribute to assign an access policy based on a condition such as the user group and/or resource being accessed.
Secure sign-in to the Cloud Administration Consolethrough federation by extending the identity provider (IdP).
Identity router update includes miscellaneous improvements.
The RSA Cloud Administration APIs support FIDO. You can enable commercial and custom applications to enroll FIDO Tokens leveraging these APIs in addition to using RSA SecurID Access for FIDO-based authentication.
RSA SecurID Access Application Portal has been redesigned with the same modern look-and-feel that users already see in the web authentication and My Page screens.
If your Cloud Authentication Service deployment was integrated with RSA Authentication Manager and it allows users with RSA SecurID Tokens to access cloud-protected resources, you can now delete unused connections.
Cloud Administration Retrieve License Usage API allows administrators to access the number of MFA licenses used, the number of users with third-party FIDO authenticators, and the total number of SMS and Voice Tokencodes sent for the current month.
SecurID Authentication Manager 8.6 uses FreeRADIUS as the basis for the SecurID RADIUS server, instead of Steel-Belted RADIUS (SBR). FreeRADIUS is the most popular open source RADIUS server in the world. SBR has reached end-of-life and required replacement. SBR is no longer supported after August 2023.
SecurID Authentication Manager 8.6 includes customer-requested features and enhancements:
The VMware virtual appliance now offers 500 GB of disk space for storage.
You can provide your own Quick Setup Access Code for VMware virtual appliance deployment.
The Distributed Token Requests Report includes a new "Distributed On" column.
(Patch 4) New features in RSA Authentication Manager 8.4 Patch 4 make it easier than ever for you to adopt modern multifactor authentication from RSA with minimal infrastructure updates to your deployment.
Obtain the Azure virtual appliance from the Azure Marketplace
Easier access to RSA SecurID-protected resources for multifactor authentication users
Major platform upgrades to enhance security, including upgrades to FIPS compliance
Ability to delete a console or virtual host certificate
Upgrade path from version 8.1 SP1 with or without patches. Direct migration from version 6.1 or 7.1 is not supported.
Ability to create a custom token expiry notification that calculates when tokens must be ordered based on the number of tokens available, the number of tokens that are assigned, and the number of tokens that are expiring within a specified time.
IPv6 addresses for RADIUS clients.
Extending the lifetime of a distributed software token that has expired or will expire soon.
Ability to display a custom logon banner before users log on to the Operations Console, the Security Console, the Self-Service Console, or the appliance operating system with a Secure Shell (SSH) client.
“FIPS-inside” by including FIPS-compliant cryptographic library module RSA BSAFE® Crypto-J 6.1 (NIST Certificate # 2058).
Internal SHA-256 certificates for communication between components, such as primary and replica instances and the web tier.
The Transport Layer Security (TLS) 1.2 cryptographic protocol for secure network communications.
Integration with RSA Via Access (now the Cloud Authentication Service), a cloud-based authentication service.
On the virtual appliance, uploading an Evaluation License during Quick Setup automatically creates 25 temporary software tokens that expire after 6 months.
The Hyper-V virtual appliance on a Microsoft Windows 2012 host machine and a Microsoft Windows 2012 R2 host machine.
The Authentication Manager Bulk Administration (AMBA) utility automates administrative operations for large new token deployments or token replacements, and simplifies the bulk administration of users, user groups, tokens, and agents.
Additional trusted realm support.
Use of nonstandard email domains.
List user group membership in reports.
Qualified on VMware ESXi 5.5 and 6.0.
OpenLDAP qualified to run as an external identity source.
Authentication Manager Bulk Administration (AMBA) utility added to the Extras kit.
A downloadable ISO file provides a method for restoring a hardware appliance.
Users can sign in to their computers without using a password. This update to the Agent enables passwordless authentication to Windows 10 laptops and desktops using a FIDO2 security key with a USB connector for both online and offline authentication. For more information, see this blog.
You can install RSA MFA Agent on macOS computers running with Apple M1 ARM based processors on the macOS Big Sur (11.1 or later) operating system.
Users can sign in online and offline using SID700 hardware tokens (managed in Cloud Authentication Service) by selecting RSA SecurID authentication method.
Users can check their remaining offline days by using the RSA MFA Agent icon in the macOS menu bar. You can configure Agent to display the notification. Users can also refresh their offline days using the RSA MFA Agent icon and the notification message.
You can specify if the Agent appends additional information as a suffix to the user name and sends it to Cloud Authentication Service for authentication.
Accepts credentials from remote applications such as Citrix® XenApp® and Microsoft Remote Desktop Connection. Users who are not required to authenticate with RSA SecurID do not need to enter credentials twice when using those applications.
In Cloud Authentication Service mode, users can authenticate with Emergency Tokencode when the users cannot use other methods, for example, if the users do not have mobile phones or when the users lose the RSA SecurID Token.
Ability to configure case-sensitivity for user names when determining challenge group membership. By default, user names are case-sensitive. You can configure the PAM agent to not consider case. Adds Ubuntu 18.04 (64-bit) and Ubuntu 20.04 (64-bit) support.
Ability to authenticate to the Cloud Authentication Service (in REST mode) or RSA Authentication Manager (in REST mode or UDP mode).
In REST mode, the PAM agent can send additional information to RSA Authentication Manager for agent reporting.
Version 8.0 includes RSA SecurID Authentication Agent 7.1 for PAM features, such as support for SELinux, support for Exponential Backoff, and an option for a silent, unattended installation.
Support for the following operating systems:
AIX 7.1 TL3 (SP5) Power 6: 32-bit and 64-bit and AIX 7.2 TL1 (SP2) Power 8: 32-bit and 64-bit
RHEL 6.8: 32-bit and 64-bit, RHEL 7.1: 64-bit and RHEL 7.3 64-bit
Oracle Linux 6.8 64-bit and Oracle Linux 7.3 64-bit
Solaris SPARC 10 (32-bit and 64-bit), for which RSA recommends Update 8 or later, Solaris SPARC 10.5 (32-bit and 64-bit) with Zones, Solaris SPARC 11.2 (32-bit and 64-bit), Solaris x86 10.5 Update 11 (32-bit), and Solaris x86 11.2 (32-bit)
SUSE Enterprise Linux Server version 11 SP3 or later (32-bit and 64-bit) and SUSE Enterprise Linux Server version 12 (64-bit)
Allows users to install the SecurID Software Token application on the Windows Phone and access a tokencode (a random number that changes every 30 to 60 seconds) to log on to resources protected by RSA SecurID.
When the application is installed in the default location on the local hard drive, then launching the application for the first time creates registry entries for the token storage device name and the device serial number.