|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
|Issue||Setting a fixed passcode via RSA Authentication Manager Bulk Admin (AMBA) with Add User and Password (AUP) leaves the fixed passcode in New PIN Mode, forcing a change of the fixed passcode or password on initial logon. This is problematic when creating test users for automated testing.|
The solution is to add a second step that sets the password change to not be required, using a SQL command. In this way, the first logon does not enter New PIN Mode to change the assigned fixed passcode. This is extremely useful when creating test accounts in bulk.
|Cause||RSA Authentication Manager Bulk Admin does not have the ability to set a fixed passcode that is not in New PIN Mode. This is a security feature designed for real users, not test users. Setting a fixed passcode that is not in New PIN Mode must be done in SQL. See Resolution below for steps.|
The AMBA command Add User with Password (AUP) has a SetPIN option to set the fixed passcode. Refer to page 43 of the RSA Authentication Manager 8.4 Bulk Administration Utility (AMBA) Guide.
If you are at a version lower than 8.4, be sure to use the correct guide for your deployment.
To make these changes, first access SQL on the Authentication Manager primary. Find all the test UserIDs (the logonuid field) in the ims_principal_data table, which shows an internal ID for each UserID. Then look up the password_change_required field in the am_principal table, which does not have logonuid but does have the id field.
Note that during Quick Setup another user name may have been selected. Use that user name to log in.
|Notes||The original article had an Admin API program that created users and fixed passcodes (see the attached original API commands.txt), but it is much easier to use AMBA AUP to do this.|
|Legacy Article ID||a51089|