SecurID® Product Advisories

Read and subscribe to the latest announcements and advisories relating to the SecurID product.

Upcoming Release Highlights for RSA MFA Agents


This document provides an overview of the major features that will be available in the upcoming releases and deprecated features of Agents.

What’s coming

RSA is committed to delivering high-quality products that offer a seamless experience to its customers. As part of this commitment, RSA is developing new versions of its Agents that will provide enhanced features and functionality. The upcoming Agents are:

  • RSA MFA Agent 9.0 for PAM
  • RSA MFA Agent 3.0 for Microsoft AD FS
  • RSA MFA Agent 3.0 for Citrix Agent

These Agents are expected to be released soon and will provide customers with more options and flexibility for securing their resources with RSA.
Note: UDP mode is not supported in upcoming agents, and you cannot use both UDP and REST modes on the same machine. For more information, see Deprecated feature section below.

What’s new

RSA is excited to announce the upcoming release of agents with major features that include:

Authentication Manager failover support and load balancing improvements: One of the biggest advantages that RSA offers to its Hybrid customers is Hybrid High Availability. This feature uses an Authentication Manager failover mechanism that automatically balances the load between Authentication Manager primary and replica servers, reducing the single point of risk failure for our Hybrid customers. Whether the failure occurs in the cloud or on-premises, RSA Hybrid High Availability can handle it all.

Code-to-match enhancements: Organizations can use the code-to-match feature to enhance security and prevent MFA Fatigue attacks. This feature adds a code confirmation to the push notifications. RSA is making this feature available to all commercial customers (not just FedRAMP).

Third-party library: Updating third-party library dependencies can enhance security, resolve compatibility issues, and fix bugs.

Rebranding and terminology changes: RSA is gradually introducing a new consistent and standard terminology across all products and platforms. This also reflects brand value and builds customer trust and clarity among internal stakeholders.

Deprecated feature

UDP mode no longer supported in upcoming Agents: Authentication Agent for PAM 8.x, Authentication Agent for Microsoft AD FS 2.x, and Authentication Agent for Citrix 2.x support both UDP and REST protocol modes for communicating with RSA Authentication Manager. UDP mode is a legacy option that allows agents to use the UDP protocol and hardware OTP credentials for MFA. However, UDP mode is not supported in upcoming agents, and you cannot use both UDP and REST modes on the same machine with them.

Customers who are using the existing Agents in UDP mode must switch to REST mode. You can change the UDP protocol authentication mode to the REST protocol for RSA Authentication Manager or the Cloud Authentication Service.

Upcoming End of Primary Support Details

To know more about the EOPS details, refer to Product Version Life Cycle for SecurID - RSA Community.

Labels (2)
No ratings
Version history
Last update:
‎2023-06-09 02:28 AM
Updated by:
Article Dashboard