on May 1, 2019Article Content
| Article Number | 000037403 |
| Applies To | RSA Product Set: SecurID Access RSA Product/Service Type: Authentication Manager RSA Version/Condition: 8.4 |
| Issue | Attempting to authenticate with an RSA Authentication Agent using an Authenticate tokencode results in authentication failure and the following error in Authentication Manager logs: Error: Principal does not possess one or more authenticators |
| Cause | This is due to an Authentication Manager software defect that can occur if the user previously had one or more tokens but now has no tokens assigned. |
| Resolution | This defect that will be fixed in a future Authentication Manager release. |
| Workaround | Either temporarily assign the user a fixed passcode or another SecurID token or use the command line utility described by Enable the RSA SecurID Authenticate App for Specific Users. Note that a token temporarily assigned for this workaround can be unassigned once the Authenticate tokencode has successfully been used for authentication. |
| Notes | This authentication scenario where the user has no tokens does succeed if the user never previously had any assigned tokens. |