Cloud Authentication Service (CAS) Updates
The following subsections provide the highlights of the new and enhanced features of the Cloud Authentication Service (CAS):
Disable FIDO Synced Passkeys
In the past, FIDO only allowed a single copy of each FIDO credential. FIDO Synced Passkeys are a new type of FIDO credential that are automatically synced to multiple computing devices (e.g., computer, mobile, and tablet) owned by a user.
The Cloud Authentication Service now provides a mechanism to disable the use of FIDO Synced Passkeys in the registration and use for authentication in the Cloud Administration Console on the Access > FIDO Authentication page. Once synced passkeys are disabled, it is possible to set a grace period, so authentication will still work for users who have previously registered FIDO synced passkeys, and this will enable them to log into My Page > My Authenticators and register a new credential that is not a FIDO Synced Passkey.
RSA recommends that customers with high security use cases carefully consider the security reduction and potential regulatory implications of using FIDO Synced Passkeys in their deployments. FIDO Synced Passkeys offer convenience, but the security implications need to be fully understood before using them.
Note: In a future release, this setting will be disabled by default with a grace period set to allow time for existing users to register new authentication methods.
View Admin Event Monitor from the Cloud Administration Console
You can now view the audit log messages that describe Super Admin activities and their details from the Cloud Administration Console. You no longer need to use the Event Log API to retrieve audit log events. You can track and search for admin events for the past 90 days from Platform > Admin Event Monitor.
Configure Enrollment Settings for My Page
In the Cloud Administration Console, you can now configure the Enrollment settings for My Page. You can generate a one-time code and provide an enrollment URL to users to enroll their first authenticator device in the Self-Service Console.
Set Up your RSA Mobile Lock Console Account
You can use the Cloud Administration Console to create an account to access the RSA Mobile Lock Console. After you verify your email address or corporate email ID, you will receive an email from Zimperium, RSA Partner for delivering the RSA Mobile Lock capability, to activate your account and set your password.
Note: This feature will be available if you have the Mobile Lock add-on included in your plan.
Updated Titles in the Cloud Administration Console
In the Cloud Administration Console, a couple of titles have been changed for clarity and consistency. In the Cloud Administration Console, click Platform, the Audit Logging page has been renamed to IDR Audit Logging. The SSO Service Identity Providers title has been renamed to IDR SSO Service Identity Providers on the Users > Identity Providers page.
Rate Limiting the Cloud Administration APIs
API throttling controls the amount of traffic that Cloud Administration APIs can handle and limits how many calls can be made per second. When a request exceeds a rate limit, the request is throttled, and an HTTP 429 (too many requests) status code is returned.
RSA Authenticator 4.3 for iOS and Android - Coming Soon!
RSA Authenticator app V4.3 for iOS and Android will be released shortly. The new release is rebranded with the RSA logo and color schemes, and it supports code matching feature for Approve push notifications.
RSA Announces Availability of RSA Authentication Manager 8.7 SP1 Language Packs
The following table provides details about the available language packs in RSA Authentication Manager 8.7 SP1:
| Summary |
RSA Authentication Manager 8.7 SP1 language packs are now available. Language packs provide translated versions of the Authentication Manager 8.7 SP1 user interfaces, online help, and selected documentation.
The following languages are now supported:
-
French
-
German
-
Japanese
-
Brazilian Portuguese
-
Spanish
|
| Affected Products |
RSA Authentication Manager 8.7 SP1 |
| Details |
For additional documentation, downloads and more, visit the RSA Community page on RSA Link. |
| End of Primary Support (EOPS) Policy |
RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details. |
Upcoming End of Primary Support (EOPS) Details
The following table provides details of the RSA products reaching the end of support within the next six months:
| Product |
Version |
EOPS Date |
Extended Support Level 1/ Level 2 |
| Authenticator for macOS |
5.0 |
Mar 2024 |
No |
| Authentication Agent for Citrix StoreFront |
2.0.x |
Mar 2024 |
No |
| Authenticate App for iOS and Android |
3.9.x |
Mar 2024 |
No |
| Authenticator for iOS |
4.1.5 |
Jan 2024 |
No |
| 4.1.0 |
| Authenticator for Android |
4.1.6 |
Jan 2024 |
No |
| 4.1.0 |
Third-Party Integrations from RSA Ready
The following integrations are recently completed or certified by RSA through the RSA Ready Technology Partner Program. Implementation Guides will be coming soon. For the complete catalog of Implementation Guides, see SecurID Integrations on the RSA Community.
-
DocuSign (update) – updated support for the Cloud Authentication Service using SAML.
-
Okta as an IDP (new) – added support for using Okta as an IDP for the Cloud Authentication Service Administration Console and RSA My Page.
-
Ping as an IDP (new) – added support for using Ping as an IDP for the Cloud Authentication Service Administration Console and RSA My Page.
-
Sekoia XDR (new) – SIEM provider can now ingest the Authentication Manager logs via API.
-
Zendesk (update) – updated support for the Cloud Authentication Service using SAML.
