The following subsections provide the highlights of the new and enhanced features of the Cloud Authentication Service (CAS):
Disable FIDO Synced Passkeys
In the past, FIDO only allowed a single copy of each FIDO credential. FIDO Synced Passkeys are a new type of FIDO credential that are automatically synced to multiple computing devices (e.g., computer, mobile, and tablet) owned by a user.
The Cloud Authentication Service now provides a mechanism to disable the use of FIDO Synced Passkeys in the registration and use for authentication in the Cloud Administration Console on theAccess>FIDO Authenticationpage. Once synced passkeys are disabled, it is possible to set a grace period, so authentication will still work for users who have previously registered FIDO synced passkeys, and this will enable them to log intoMy Page>My Authenticatorsand register a new credential that is not a FIDO Synced Passkey.
RSA recommends that customers with high security use cases carefully consider the security reduction and potential regulatory implications of using FIDO Synced Passkeys in their deployments. FIDO Synced Passkeys offer convenience, but the security implications need to be fully understood before using them.
Note:In a future release, this setting will be disabled by default with a grace period set to allow time for existing users to register new authentication methods.
View Admin Event Monitor from the Cloud Administration Console
You can now view the audit log messages that describe Super Admin activities and their details from the Cloud Administration Console. You no longer need to use the Event Log API to retrieve audit log events. You can track and search for admin events for the past 90 days fromPlatform>Admin Event Monitor.
Configure Enrollment Settings for My Page
In theCloud Administration Console, you can now configure theEnrollmentsettings for My Page. You can generate a one-time code and provide an enrollment URL to users to enroll their first authenticator device in the Self-Service Console.
Set Up your RSA Mobile Lock Console Account
You can use the Cloud Administration Console to create an account to access the RSA Mobile Lock Console. After you verify your email address or corporate email ID, you will receive an email from Zimperium, RSA Partner for delivering the RSA Mobile Lock capability, to activate your account and set your password.
Note:This feature will be available if you have the Mobile Lock add-on included in your plan.
Updated Titles in the Cloud Administration Console
In the Cloud Administration Console, a couple of titles have been changed for clarity and consistency. In the Cloud Administration Console, clickPlatform, theAudit Loggingpage has been renamed toIDR Audit Logging. TheSSO Service Identity Providerstitle has been renamed toIDR SSO Service Identity Providerson theUsers>Identity Providerspage.
Rate Limiting the Cloud Administration APIs
API throttling controls the amount of traffic that Cloud Administration APIs can handle and limits how many calls can be made per second. When a request exceeds a rate limit, the request is throttled, and an HTTP 429 (too many requests) status code is returned.
RSA Authenticator 4.3 for iOS and Android - Coming Soon!
RSA Authenticator app V4.3 for iOS and Android will be released shortly. The new release is rebranded with the RSA logo and color schemes, and it supports code matching feature for Approve push notifications.
RSA Announces Availability of RSA Authentication Manager 8.7 SP1 Language Packs
The following table provides details about the available language packs in RSA Authentication Manager 8.7 SP1:
RSA Authentication Manager 8.7 SP1language packsare now available. Language packs provide translated versions of the Authentication Manager 8.7 SP1 user interfaces, online help, and selected documentation.
The following languages are now supported:
RSA Authentication Manager 8.7 SP1
For additional documentation, downloads and more, visit theRSA Communitypage on RSA Link.
End of Primary Support (EOPS) Policy
RSA has a defined End of Primary Support policy associated with all major versions. Please refer to theProduct Version Life Cyclefor additional details.
Upcoming End of Primary Support (EOPS) Details
The following table provides details of the RSA products reaching the end of support within the next six months:
Extended Support Level 1/ Level 2
Authenticator for macOS
Authentication Agent for Citrix StoreFront
Authenticate App for iOS and Android
Authenticator for iOS
Authenticator for Android
Third-Party Integrations from RSA Ready
The following integrations are recently completed or certified by RSA through the RSA Ready Technology Partner Program. Implementation Guides will be coming soon. For the complete catalog of Implementation Guides, seeSecurID Integrationson the RSA Community.
DocuSign (update)– updated support for the Cloud Authentication Service using SAML.
Okta as an IDP (new)– added support for using Okta as an IDP for the Cloud Authentication Service Administration Console and RSA My Page.
Ping as an IDP (new)– added support for using Ping as an IDP for the Cloud Authentication Service Administration Console and RSA My Page.
Sekoia XDR (new)– SIEM provider can now ingest the Authentication Manager logs via API.
Zendesk (update)– updated support for the Cloud Authentication Service using SAML.