Release Notes
RSA® Adaptive Authentication (On-Premise) Version 14.0.2.1 Release Notes
March 2019
This document lists what's new and changed in RSA Adaptive Authentication (On- Premise) 14.0.2.1, as well as workarounds for known issues. These Release Notes can be updated. The most current version is available on RSA Link.
l What's New in RSA Adaptive Authentication 14.0.2.1...... 2 l Supported Platforms...... 4 l Supported Browsers and Operating Systems...... 5 l Fixed Issues...... 8 l Fixed Documentation Issues...... 12 l Known Issues...... 14 l RSA Adaptive Authentication Documentation...... 17 l Support and Service...... 19 Release Notes
What's New in RSA Adaptive Authentication 14.0.2.1 RSA Adaptive Authentication (On-Premise) 14.0.2.1 includes these new features, enhancements, and changes. Changes in Version 14.0.2.1 (March 2019) New feature support for omnichannel fraud protection: RSA Adaptive Authentication (On-Premise) 14.0.2.1 now includes omnichannel fraud protection, which enables the application to provide centralized fraud detection and prevention across channels, such as Web, Mobile, ATM, IVR, Call Center, and Branch. This feature uniquely blends multiple RSA Adaptive Authentication components to provide omnichannel protection. With omnichannel protection, customers can send traffic from different channels and RSA provides fraud detection and prevention for each channel. This includes cross channel correlation and analysis providing a holistic view of user activities across the different channels used. Transactions from new channels are integrated into RSA Adaptive Authentication using the existing API fields to send the common data elements, such as user account and payee, and the custom facts fields to send the channel specific data. This feature provides:
l API integration through the different channel types in the applicable method (see Web Service API Methods in the API Reference Guide).
l Risk-based decisioning powered by the RSA Risk Engine, which provides risk assessment for the additional channels with cross-channel analysis.
l For channel specific data to be included in the risk assessment, customers can use Risk Score Custom Facts that are associated with the different channel types (see Custom Fact Parameters in the Back Office User Guide).
l Flexible rules-based policy management, which is channel oriented in the rule creation (see Managing Policies in the Back Office User Guide).
n New channel indicator mechanism when creating a rule: When creating a rule in the Policy Management application, the channel indicator is now set in the Manage Rules > New > New Rule > General page as opposed to the Conditions page. This change implements new channel indicator logic. After upgrading to the current RSA Adaptive Authentication (On- Premise) 14.0.2.1 version, all existing rules that were created before the upgrade will automatically have their channel type set to MOBILE and WEB. In addition, rules created using the previous channel indicator mechanism before the upgrade will not be editable. To edit an existing rule, created using the previous channel indicator mechanism, you can delete the old rule and create a new one with the new channel indicator mechanism. For more information, see the Channel Types, Add a Rule, Edit a Rule, and General Rule Parameters sections in the Back Office User Guide.
2 RSA Adaptive Authentication (On-Premise) 14.0.2.1 Release Notes Release Notes
Note
When upgrading, you must run the rsa-rule-channel-migration utility to disable any rules that contain a condition associated to a channel indicator based on the previous channel indicator logic. For more information about the upgrade and utility, see the Upgrading Adaptive Authentication chapter and Run the rsa-rule-channel-migration Utility section in the Installation and Upgrade Guide.
l Ability to investigate omnichannel cases leveraging the channel indicators in the Case Management application (see the Device Details Fields and Advanced Tab Fields sections in Managing Cases in the Back Office User Guide).
n New support for omnichannel filtering in the Research Activities page in the Case Management application: It is now possible to filter the user activities by Channel Indicator in the Filters Activities section in the Research Activities page of the Case Management application. Once the filter is applied, the results are listed in a table in the Activities section of the page, where a new column called Channel has been added to the table. For more information, see Research Activity Filters in the Back Office User Guide.
l Ability to view the particular channel used to conduct the transaction, in the end-user activities for the past 90 days, using the Customer Service application (see User Activity History in the Back Office User Guide).
l Reports including omnichannel metrics. For more information on these reports, see the Raw Data Reports Guide and Managing Reports in the Back Office User Guide.
n New support for omnichannel metrics in the Billing Report: RSA Adaptive Authentication (On-Premise) now includes, in the Reports application of the Back Office, omnichannel metrics in the Billing Report. The Transactions section of the Billing Report now displays the number of transactions per channel, the monthly transactions trend by channel, and the transactions by organization per channel. In addition, the Active Users section of the Billing Report includes a break down of the number of active users per channel, the monthly active users trend by channel, and the number of active users by organization per channel for the selected month. These new omnichannel metrics are also included when the Billing Report is exported to a CSV file. For more information about the Billing Report and these changes, see Billing Report in the Back Office User Guide.
New Single Sign-on (SSO) support with the SHA-256 algorithm: RSA Adaptive Authentication (On-Premise) now supports the SHA-256 algorithm for Single Sign-on (SSO). For more information about integrating Single Sign-on with the Back Office applications, see Single Sign-On Integration in the Integration Guide and Single Sign-on (SSO) in the Back Office User Guide.
Enhanced sorting capabilities in the Case Management application: The enhancements related to sorting in the Case Management application include:
l Research Activities sorted by date: The activities listed in the Research Activities page in the Case Management application are now sorted by date
What's New in RSA Adaptive Authentication 14.0.2.1 3 Release Notes
from most recent. For more information, see Research Activities in the Back Office User Guide.
l View the Queue page columns can be sorted: It is now possible to sort various columns, such as Date Modified and User ID, for the case details displayed in the View the Queue page in the Case Management application. For more information, see View the Queue Page in the Back Office User Guide.
Enhancement to Policy Management list values: List values added to a list, in the List Content section of the Manage Lists page in the Policy Management application, are now sorted by the Value column in alphabetical order. For more information about adding a value to a list, see Add a Single Value to a List in the Back Office User Guide.
New Back button added to the View Case page in the Case Management application: A Back button has been added to the View Case page in the Case Management application. This enables users to navigate back to the list of results that were originally retrieved from either the Research Activities or View the Queue pages. For more information on this page, see View Case Page in the Back Office User Guide.
New Enable Device Manager Audit checkbox added to the Device Management section of the Administration Console: Using a superAdmin role in the Administration Console, Device Management section, you can now set whether audit data for a device is collected to help debug the device manager flow by selecting the Enable Device Manager Audit checkbox. For more information, see Device Management Parameters in the Back Office User Guide.
Supported Platforms There are different hardware, operating system, and work environment requirements to install RSA Adaptive Authentication (On-Premise) 14.0.2.1. All components should be installed on a Linux environment, and only the MSSQL Server should be installed on a Windows machine. Operating Systems RSA Adaptive Authentication (On-Premise) 14.0.2.1 supports these operating systems using a x86-64 architecture:
l Microsoft Windows Server 2012 R2 Datacenter 64-bit
Note
Some versions of Microsoft Windows have a vulnerability in HTTP.sys that can allow remote code execution. For more information about the vulnerability, see Microsoft Security Bulletin MS15-034. RSA recommends that, if you use one of the affected operating systems, you apply the patch released by Microsoft. For more information about the patch, see Microsoft Knowledge Base Article 3042553.
l Red Hat 7.4
4 RSA Adaptive Authentication (On-Premise) 14.0.2.1 Release Notes Release Notes
Application Servers RSA Adaptive Authentication (On-Premise) 14.0.2.1 supports these application servers:
l tc Server 4.0.0
l Apache Tomcat 9.0.6
Databases RSA Adaptive Authentication (On-Premise) 14.0.2.1 supports these databases:
l DataStax Enterprise 5.1.6 (Operational data)
l Apache Cassandra 3.11.3 (Operational data)
l Microsoft SQL Server 2014 Enterprise Edition SP2 (Online and Offline data)
VMware If you are running application servers and databases that are supported by Adaptive Authentication and that are certified by the vendors on the operating system and VMware version that you are running, RSA supports the configuration.
Third Party Vendors RSA is responsible for providing customers with the RabbitMQ 3.7.5.
Java Runtime Environment Versions RSA Adaptive Authentication (On-Premise) 14.0.2.1 supports the Oracle JRE 1.8. Notification Hubs Leveraging push notifications through RSA Adaptive Authentication requires licensing the Azure Notification Hub directly with Microsoft. The overall challenge flow is unchanged, but the customer now manages the Notification Hub. The customer must set the table in Azure and follow RSA instructions, which includes creating an Azure table and performing some Azure API tasks, such as updating the API and cleaning up the API in the customer's Azure. RSA assumes no liability or responsibility for the Azure service. For more information, contact your RSA representative and see Integrating Microsoft Azure in the Installation and Upgrade Guide.
Supported Browsers and Operating Systems Device information can be collected from a range of browsers and operating systems. This topic describes supported browsers and operating systems, and limitations for specific features.
Note
These tables refer to the latest version of a browser unless the version is specified.
Supported Browser and Operating System Support RSA Adaptive Authentication uses JavaScript to retrieve distinctive device fingerprint information for these browser and operating system combinations.
Supported Browsers and Operating Systems 5 Release Notes
Browser Windows Windows Windows Windows Windows Windows Linux Mac X 10 8 7 Vista XP Server 2008
Edge Y
Internet Y Y Y Y Explorer 11.0
Internet Y Y Y Y Explorer 10.0
Internet Y Y Y Explorer 9.0
Internet Y Y Y Y Y Explorer 8.0
Opera Y Y Y
Firefox Y Y Y Y Y Y Y
Safari 7 Y Y
Google Y Y Y Y Y Y Y Chrome
These browser limitations exist:
l These browsers cannot detect the System Language and User Language values:
n Firefox
n Mozilla
n Safari
l The Opera browser cannot detect the System Language value.
l The software value can only be detected in Windows operation system browsers.
l Geolocation information collection for mobile browsers is supported by the following W3C Geolocation API types:
n HTML5
n BlackBerry proprietary API (version 4.1 and later)
l Due to known limitations, the device fingerprint is not collected from BlackBerry devices.
l The Trojan Protection features support Microsoft Internet Explorer 9. For Internet Explorer 8, you must include the JSON code. These features are not supported by previous Internet Explorer versions that do not support JSON. For more information, see RSA Adaptive Authentication Integration Guide.
l Due to known limitations in Microsoft Internet Explorer 7, 8 and 9, the collection of data required for the HTML injection protection feature doesn't include the collection of the functions (only the input fields and iFrames are collected for this browser).
l Flash shared object (FSO) is not compatible with the Safari 1.0 browser; however, you can use the Device Fingerprint JavaScript code to gather other device fingerprint data.
6 RSA Adaptive Authentication (On-Premise) 14.0.2.1 Release Notes Release Notes
Mobile Devices and Browsers with Java Collection Support These mobile devices and browsers support JavaScript data collection. Mobile iOS Android BlackBerry Windows Browser Mobile
Chrome Y Y
Firefox Mobile Y
Safari Y
Opera Y Y
Opera Mini Y Y Y
Skyfire 4.0 Y Y
WebKit Browser Y
RIM BlackBerry Y
Internet Explorer Y
Operating System and Browser Support for Back Office Applications These operating system and browser combinations are supported for operation with the Back Office applications. Browser Windows 10 Windows 8 Windows 7 Windows XP
Internet Y Y Y Explorer 11.0
Internet Y Y Y Explorer 10.0
Internet Y Explorer 9.0
Firefox Y Y Y Y
Google Chrome Y Y Y
Supported Browser and Flash Component Combinations These browser and Flash component combinations are supported for operation with Flash shared objects (FSO). Browser Flash 11 Latest Version of Flash
Internet Explorer 11.0 Y
Internet Explorer 10.0 Y
Internet Explorer 9.0 Y Y
Internet Explorer 8.0 Y Y
Opera Y Y
Firefox Y
Safari Y
Chrome Y
Supported Browsers and Operating Systems 7 Release Notes
Fixed Issues This section lists the major fixed issues in this release. Issues Fixed in Version 14.0.2.1 (March 2019)
Administration Console
Tracking Description Resolution Number
NGOP-166 When configuring Scheduled These parameters have been removed Tasks, these parameters were from the user interface and are no longer listed, even though they were included in the documentation. See not relevant to configure for Scheduled Tasks in the Back Office User RSA Adaptive Authentication Guide. (On-Premise):
l Case Management Events Marking Logger
l Channel Determination Version
l Create Partitions
l Delete Bindings
l User Desktops Volume Growth
API
Tracking Description Resolution Number
NGAC-9801 When migrating from RSA These rules now work as expected in RSA Adaptive Authentication Adaptive Authentication (On-Premise), (Hosted) 11 to RSA Adaptive when lastAccountOpenDate and Authentication (On-Premise), onlineServiceEnrollDate are sent rules using the conditions # of in the SOAP requests, including previous Hours Since User ACCT SOAP requests. Therefore, for this rule was Opened and # of Hours to work as previously intended, this data Since User Enrollment no must be added to the SOAP as part of longer triggered the same the userData or newUserData tags. transactions in the On-Premise Now, we are able to trigger rules based environment. on this data from the previous SOAP calls. This sample code provides an example of sending this in the userData tag:
8 RSA Adaptive Authentication (On-Premise) 14.0.2.1 Release Notes Release Notes
API
Tracking Description Resolution Number
NGAC-9826 When migrating from RSA RSA Adaptive Authentication (On- Adaptive Authentication Premise) has been updated to insert this (Hosted) 11 to RSA Adaptive missing
NGAC-10197 When an end-user was enrolled RSA Adaptive Authentication now in an authentication method, correctly reports on the end-user such as SMS using TeleSign, enrollment. and was then unenrolled and got locked out of the application, unexpected behavior was exhibited when the user was subsequently unlocked. When the user was unlocked and verified, the end-user was incorrectly reported as being enrolled to the authentication method, which they were unenrolled from.
Case Management Application
Tracking Description Resolution Number
NGAC-8562 When searching for activities in The Event Resolution filter now works the Research Activities page as expected and limits the results based and any of the Event on the status option selected. Selecting Resolution filter options were the Any option, retrieves all possible applied, all the activities were event resolution statuses. For more retrieved as opposed to filtering
Fixed Issues 9 Release Notes
Case Management Application
Tracking Description Resolution Number
the results based on the information, see Research Activities particular event resolution Filters in the Back Office User Guide. status selected.
NGAC-10008 The list of cases on the View The View the Queue and Process the Queue and Process Queue pages now lists the cases Queue pages were not according to the time the cases must be organized according to the time reviewed. when the cases must be reviewed as explained in the Case Priority section in the Back Office User Guide.
NGAC-10222 The page navigation was The page navigation on the View the missing from the View the Queue and View Case pages is now Queue and View Case pages, working as intended. and it was only possible to view the results listed on the first page without being able to navigate to another page.
Installation
Tracking Description Resolution Number
NGOP-3 When configuring the This has been fixed so that it is no longer connection parameters of the mandatory to enable partitioning as part Microsoft SQL Server Offline of the installation. For more information, Database as part of the see Configure the Connection installation, it was mandatory to Parameters of the Microsoft SQL Server enable partitions. Otherwise, Offline Database in the Installation and the connection did not work Upgrade Guide. correctly.
Policy Management Application
Tracking Description Resolution Number
NGAC-10012 List values added to a list were List values are now sorted in alphabetical only sorted by the Value order on both pages. column in alphabetical order in the List Content section of the Edit List page and not the Manage Lists page.
NGAC-10098 When migrating from RSA User IDs for first time customers are now Adaptive Authentication hashed using SHA1+BASE64 encryption, (Hosted) 11 to RSA Adaptive which ensures that these rules are Authentication (On-Premise), triggered in the Policy Management User IDs for first time application. customers were not hashed
10 RSA Adaptive Authentication (On-Premise) 14.0.2.1 Release Notes Release Notes
Policy Management Application
Tracking Description Resolution Number
using SHA1+BASE64 encryption. As a result, rules that were supposed to be triggered by User ID failed to trigger in the Policy Management application for first time customers.
NGAC-10301 When editing a rule, it was It is no longer possible to bypass the rule possible to click the rule section validation and the rule section links now links at the top of the screen work as expected. (General, Conditions, Actions, and Summary) and bypass the rule validation. As a result, a rule could be saved without undergoing a proper validation including checking whether all mandatory fields, such as event type or channel, are defined.
Reports Application
Tracking Description Resolution Number
NGAC-9949 Usage Reports generated by These event type links have been RSA Adaptive Authentication removed. As a result, the Usage Report displayed Event Types, which section in the Back Office User Guide has appeared to be working links been updated to reflect these changes. that should have displayed analyzed data on a graph based on the event type that was clicked. Yet, this functionality was not supported, and resulted in a permissions error.
NGAC-10349 When a user with admin level These organization links have been privileges, attempted to removed from the Organization Name drilldown on a generated Billing column. As a result, the Reports and Report to display more data Billing Report sections in the Back Office about a particular organization User Guide have been updated to reflect by clicking the organization link these changes. To view Billing Report in the Organization Name details at an organization level, generate column, the link did not work, the report for the specific organization. and resulted in a permissions error.
Fixed Issues 11 Release Notes
Fixed Documentation Issues This section lists the major fixed documentation issues. Issues Fixed in 14.0.2.1 (March 2019) Tracking Number Description Resolution
NGAC-9781 In the API Reference Guide, The Sample getActivities the example code for the SOAP Response section in getActivities SOAP the API Reference Guide now response contained an contains a correct value for incorrect value for the the triggeringRuleType triggeringRuleType data data element. element.
NGAC-9799 When uploading challenge The Upload Challenge questions as a CSV file, the Questions section in the Back Back Office User Guide did Office User Guide now not explain how to handle explains that when commas commas included as part of are included as part of the the text, so that the comma text, quotation marks should was not considered a column be inserted around the entire separator. text string in the Question Value column.
NGAC-9831 The RSA Adaptive These documents are now Authentication documentation updated with this information: was missing information l Single Sign-on Integration related to Single Sign-on in the Integration Guide. (SSO): l Single Sign-on (SSO), l RSA Adaptive Security Parameters, Authentication supports Case Assignment, Case only the SHA-1 algorithm Grouping, Case for Single Sign-on (SSO). Management Menu, View l When SSO is enabled, the the Queue Page, Edit case assignment mode is Case Details, Operator automatically disabled in Management, and the RSA Adaptive Operator Group Authentication Case Management sections in Management application. the Back Office User As a result, certain Guide. features are no longer l New Functionality in the available in the Back Office Applications application including the in the Migration Guide. Manage menu item from the Case Management menu and the Assigned to filter in the View the Queue page.
NGAC-9832 In the Back Office User This recommendation has Guide, the description of the been removed from the Enable Device Recovery parameter description. for the Mobile Browser
12 RSA Adaptive Authentication (On-Premise) 14.0.2.1 Release Notes Release Notes
Tracking Number Description Resolution
parameter included a recommendation from RSA about disabling the device recovery for activities originating from mobile browsers, which is no longer relevant.
NGAC-10005 In the Back Office User The Research Activities Guide, the number of results Filters section in the Back displayed by each filter in the Office User Guide now states Research Activities page the correct number of results of the Case Management displayed in the Research application was listed as Activities page. 1,000. This was incorrect and should have been 500.
NGAC-10496 For customers migrating from The documentation now RSA Adaptive Authentication includes these changes: (Hosted) 11 to RSA Adaptive l The Policy Manager Authentication (On-Premise) Application Modifications using the 6.5 API, the RSA section in the Migration Adaptive Authentication Guide has been updated documentation did not explain to explain the differences which event types were only between the event types supported using the 7.0 API, supported and the even though these event ramifications in the types were available in the application. user interface. In addition, certain event types supported l The List of Event Types in the 6.5 API are no longer appendix in the Back supported using the 7.0 API, Office User Guide now and are no longer available in states which event types the user interface. are only supported when using the 7.0 API, and provides more information for customers migrating from RSA Adaptive Authentication (Hosted) 11.
NGAC-10862 The documentation included This content has been content related to an old fact removed from the Device called Device Assurance section from the Identification Assurance Back Office User Guide. Level, which is no longer supported.
NGOP-163 Push notifications for out-of- The documentation now band biometrics or includes these changes: transaction signing that are l A new appendix called supported by Adaptive Integrating Microsoft Authentication and integrated Azure has been added in in Mobile SDK Modules 3.11 the Installation and must be sent using a Cloud
Fixed Documentation Issues 13 Release Notes
Tracking Number Description Resolution
Service, such as Microsoft Upgrade Guide, which Azure, or using the provides the missing customer's own internal push instructions. mechanism infrastructure. l The Introduction to RSA Mobile SDK Modules use Azure App Services to handle Adaptive Authentication section in the Product persistent and push Overview Guide has been notifications through updated. Microsoft Azure notification hubs. Yet, there were no l The Understanding the instructions to explain how to Anonymization setup Microsoft Azure for the Requirements of Adaptive Authentication Personally Identifiable Mobile SDK Modules to Information (PII) in the leverage the Adaptive API Reference Guide Authentication methods. contains updates for the User ID element.
l The Azure Configuration Parameters, Out-of-band Biometrics Authentication Parameters, and Transaction Signing Authentication Parameters sections in the Back Office User Guide have been updated.
NGOP-188 Instructions explaining how to The Installation Guide has upgrade from the previous been renamed to the version of RSA Adaptive Installation and Upgrade Authentication to the current Guide and now includes a version were missing from the chapter called Upgrading documentation. Adaptive Authentication.
Known Issues This section describes issues that remain unresolved in this release.
Tracking Number Known Issue
N/A You cannot use the Create, Read, Update, and Delete (CRUD) functionality for custom roles. In the Access Management application, you can only apply predefined roles. Users with custom roles are not able to access the Case Management application. Only users with the following predefined roles have access to the Case Management application:
l admin
l operatormanager
14 RSA Adaptive Authentication (On-Premise) 14.0.2.1 Release Notes Release Notes
Tracking Number Known Issue
l operator
l fraudanalyst
l LookupUserViewer
NGAC-1509 A Back Office user can be denied read permissions and at the same time have edit permissions. When the Back Office user tries to log in to edit user details, a system error occurs.
NGAC-2134 In the Policy Management report, if more than one organization has a private rule with the same name, and one of those rules is triggered, the Policy Management report counts the rule as triggered for all organizations.
NGAC-2553 If you are using SSO (Single Sign-on), when clicking on Logout, the user is not logged out because SAML is managing the session.
NGAC-2911 If you are using SSO (Single Sign-on), when the session times out the Back Office user is redirected to the RSA Adaptive Authentication Logon page, instead of your organization's Logon page. As a workaround, the Back Office user should browse to your organization's Logon page.
NGAC-3060 In the Customer Service application, the Reset All checkbox does not unenroll the user when the user is enrolled in more than two authentication plug-in methods.
NGAC-3884 In the Policy Management application, RSA Adaptive Authentication allows you to include non-Latin characters in the name of a custom fact. You cannot, however, convert this fact to a Risk Score Custom Fact since non-Latin characters are not currently supported in the name of a Risk Score Custom fact.
NGAC-3885 In the Policy Management application, RSA Adaptive Authentication allows you to include symbols in the name of a custom fact. You cannot, however, convert this fact to a Risk Score Custom Fact since symbols are not currently supported in the name of a Risk Score Custom fact.
NGAC-5507 If you edit a rule with TRXSIGN as the Authentication Method and change the Event Type to a type other than Payment, which is the only valid Event Type, the system will allow you to save the rule, however, the TRXSIGN ACSP will not be available.
NGAC-6059 In the Customer Service application, the failed authentication attempts count is reset to zero in error after a customer service representative resets a session for an end user. In this case, only the session count should be reset to zero and not the failed authentication attempts count.
NGAC-6131 If you attempt to install RSA Adaptive Authentication on a system that had a previous installation of RSA Adaptive Authentication On-Premise, you receive this message on the Welcome window:
Known Issues 15 Release Notes
Tracking Number Known Issue
A previous installation has been detected. Do you wish to update that installation?
l Yes, update the existing installation
l No, install into a different directory The option to update the existing installation is not available and you must choose the option to install the system on a different directory.
NGAC-6136 In the Access Management application, the system allows you in error to delete a role when the role is assigned to other users.
NGAC-6345 In the Policy Management application, a list with type "User ID" is not supported for migrated customers.
NGAC-7026 When sending an empty UPDATE_PHONE_NUMBER string in an Update User API SOAP call to update the phone number for an end user enrolled in TeleSign Out-of-Band Phone or SMS, the existing phone number will be erased.
NGAC-7705 If the Enable Implicit Binding parameter in the Device Management section of the Administration Console is enabled, and you send an Analyze SOAP call, the SOAP response does not correctly indicate that the device has been bound to the end user in the case where the action in the response is ALLOW.
NGAC-8126 In the Policy Management application, when creating a rule using the "Moved to New IP Too Fast" fact, the rule does not work as expected.
NGAC-8245 When deleting a rule that triggered, there is no record of this rule in the Policy Management report.
NGAC-9021 In the Policy Management application, creating a rule based on a custom fact, with an operator that is using another custom fact, is not currently supported.
NGAC-9558 There are no reports available for the evaluation of Risk Score Custom Facts.
NGAC-10568 In the Policy Management application, it is possible to create rules using the predefined Device IP is Diff from Previous IP fact, which is not currently supported. This fact should not be used and will be removed from the user interface in an upcoming release.
NGOP-170 In the Reports application, when Billing Reports are exported by RSA Adaptive Authentication, the CSV file name begins with the text "AAH" instead of "AAOP".
NGOP-216 Any parameters and configuration options related to RDP Trojan Protection are not currently supported.
NGOP-223 In the Case Management application, it is not currently possible to filter cases by Custom User Activity in the Filter Cases section in the Process Custom Queue page.
16 RSA Adaptive Authentication (On-Premise) 14.0.2.1 Release Notes Release Notes
Tracking Number Known Issue
Once the filter is selected, no options are available to choose from in the Custom User Activity drop-down list.
NGOP-231 The rsa-policy-report-aggregation utility is currently not supported and cannot be run.
NGOP-246 When upgrading Adaptive Authentication (On-Premise) from the previous version to the current version, it is not possible to use the new var file to prepopulate values for the installation parameters, and this causes the upgrade installation to fail. To avoid this, copy the existing varfile from the previous version to the newly extracted installer for the current version and rename the file to AA- OnPrem.XX.X.X.X.Unix.Upgrade.varfile, where XX.X.X.X represents the current version, such as 14.0.2.1.
N/A Integrating Single sign-on (SSO) to use a single authentication process to access the customer's system and the RSA Adaptive Authentication Back Office applications is currently not supported.
N/A In the Policy Management application, to ensure that a list with type "User ID" functions as intended, end-user names within a list must be aligned with your configurations in the Administration Console regarding these parameters:
l Sensitive Information Hashing Validation Action
l List ID Masking
AANG-556 The Raw Data Reports and the Back Office reports, do not run on data from the same 24-hour period.
AANG-742 In the Back Office application, when downloading challenge questions containing non-Latin characters to a CSV file, challenge questions are not displayed correctly. For example, a challenge question in Spanish which includes the following character: ñ, would not be displayed correctly.
RSA Adaptive Authentication Documentation The RSA Adaptive Authentication documentation set is comprised of these documents. API Reference Guide Describes RSA Adaptive Authentication Web Services API methods and parameters. This guide also describes how to build your own web services clients and applications using a web services API to integrate and utilize the capabilities of RSA Adaptive Authentication.
Authentication Plug-In Developer's Guide Describes the Authentication Plug-In development process that enables external authentication providers to integrate their products with RSA Adaptive Authentication.
RSA Adaptive Authentication Documentation 17 Release Notes
Back Office User Guide Provides an overview of these Back Office applications: The Administration Console, Policy Management, Case Management, Access Management, Customer Service Administration, and Reports. Installation and Upgrade Guide Provides detailed information on how to install, configure, and upgrade RSA Adaptive Authentication.
Integration Guide Describes how to integrate and deploy RSA Adaptive Authentication.
Operations Guide Provides information on how to administer and operate RSA Adaptive Authentication.
Performance Guide Provides information about performance testing and performance test results for the current release version of RSA Adaptive Authentication.
Product Overview Guide Provides a high-level overview of RSA Adaptive Authentication, including system architecture.
Raw Data Reports Guide Describes the Raw Data Reports feature and provides examples of Raw Data Reports. It includes report requirements, content of the reports, transfer methods to a client, and configuration and customization options.
Release Notes Provides information about what is new and changed in this release, as well as workarounds for known issues. It also includes the supported platforms and work environments for platform certifications. The latest version of the Release Notes is available on RSA Link®.
Security Configuration Guide Provides recommendations for securely configuring your network and RSA Adaptive Authentication.
Workflows and Processes Guide Describes the workflows and processes that allow end users to interact with your system and that allow users to interact with RSA Adaptive Authentication.
Reference Documentation for Migrating Customers Customers migrating from RSA Adaptive Authentication (Hosted) 11 must reference the RSA Adaptive Authentication (Hosted) 11 documentation as long as their system uses API requests from the RSA Adaptive Authentication (Hosted) 11 API. Change Affecting API Requests When you migrate from the RSA Adaptive Authentication (Hosted) 11 to the current version of the RSA Adaptive Authentication (Cloud)(On-Premise), certain API requests that included userName parameters must be changed. Previously, the userName parameters were optional to define, but are now mandatory to set in the cloud environment using the 6.5 API. Migrating customers must ensure their
18 RSA Adaptive Authentication (On-Premise) 14.0.2.1 Release Notes Release Notes
implementation follows these guidelines of setting the userName parameter in these API requests in the RSA Adaptive Authentication (Cloud)(On-Premise):
l query request
l updateUser request
l challenge request
l authenticate request
NOTICE
SinceWhen RSA Adaptive Authentication requires customersis configured to send personal information anonymized, the userName parameter must be sent anonymized. We recommend using SHA-256 as the anonymization method. For more information on these requirements and the anonymization methods supported, see Understanding the Anonymization Requirements of Personally Identifiable Information (PII) in the API Reference Guide.
Note
The RSA Adaptive Authentication 14.0 14.0.2.1 API adapter translates requests from the RSA Adaptive Authentication (Hosted) 11 API to the new format. When you change your implementation so that all requests are from the RSA Adaptive Authentication 14.0 14.0.2.1 API, use the complete RSA Adaptive Authentication 14.0 14.0.2.1 documentation set.
For information about RSA Adaptive Authentication (Hosted) 11 API values and workflows, and for information about migrating to RSA Adaptive Authentication 14.0 14.0.2.1, see these guides: RSA Adaptive Authentication (Hosted) 11.0 API Reference Guide Describes overall business workflows of RSA Adaptive Authentication (Hosted), web service methods, and data elements for each of the methods.
RSA Adaptive Authentication (Hosted) 11.0 API Programmer's Guide Describes the web services offered by RSA Adaptive Authentication (Hosted) and the common use cases associated with each service.
RSA Adaptive Authentication (Hosted) 11.0 Data Gathering Techniques Guide Describes the implementation mechanisms that allow your organization’s application or web site to collect data from the user's device and pass it to the RSA system using the SOAP API.
RSA Adaptive Authentication (Cloud) 14.0(On-Premise) 14.0.2.1 Migration Guide Describes the migration process from RSA Adaptive Authentication (Hosted) 11 to RSA Adaptive Authentication (Cloud) 14.0(On-Premise) 14.0.2.1.
Support and Service
RSA Link ® https://community.rsa.com/welcome
Customer Support Information https://www.rsa.com/en-us/services/rsa- product-and-customer-support
Support and Service 19 Release Notes
RSA Ready Community https://community.rsa.com/community/ products/rsa-ready
RSA Link offers a knowledgebase that contains answers to common questions and solutions to known problems. It also offers information on new releases, important technical news, product documentation, and software downloads. The RSA Ready Community provides information about third-party hardware and software products that have been certified to work with RSA products. The community includes RSA Ready Implementation Guides with step-by-step instructions and other information about interoperation of RSA products with these third-party products. The Downloads section of RSA Link contains the data collection library and WSDL files for released versions. For more information on the files in the data collection library, see the Integration Guide.
20 RSA Adaptive Authentication (On-Premise) 14.0.2.1 Release Notes Release Notes
Copyright © 2019 RSA, The Security Division of EMC All rights reserved.
Published March 2019
Dell believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS-IS.“ DELL MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. USE, COPYING, AND DISTRIBUTION OF ANY DELL SOFTWARE DESCRIBED IN THIS PUBLICATION REQUIRES AN APPLICABLE SOFTWARE LICENSE.
Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be the property of their respective owners. Published in the USA.
Support and Service 21