000037461 - Generate a report of users with more than one token assigned in RSA Authentication Manager 8.x

Document created by RSA Customer Support Employee on Jul 18, 2019
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000037461
Applies ToRSA Product Set:  SecurID
RSA Product/Service Type:  Authentication Manager
RSA Version/Condition:  8.x
IssueThis article explains how to generate a report that indicates the users with more than one token assigned.
Resolution
  1. Launch an SSH client, such as PuTTY.
  2. Login to the primary Authentication Manager server as rsaadmin and enter the operating system password.

Note that during Quick Setup another user name may have been selected. Use that user name to login.



  1. Enter the following command to get the database password:

rsaadmin@am83p:> /opt/rsa/am/utils/rsautil manage-secrets -a get com.rsa.db.dba.password 
Please enter OC Administrator username: <enter Operations Console administrator name>
Please enter OC Administrator password: <enter Operations Console administrator password>
com.rsa.db.dba.password: ckg2DBtNZLy80TADWcGqdF0NOJygAQ


 


Note that the database password will be different for each installation of Authentication Manager.


 


  1. Use the following queries to generate the desired report(s):
    • Generate a report with users that have more than 1 token assigned (2 or 3)

rsaadmin@am83p:>/opt/rsa/am/pgsql/bin/psql -h localhost -p 7050 -d db -U rsa_dba -c "COPY ( select PD.loginuid from am_token AM join ims_principal_data PD on AM.principal_id=PD.id group by loginuid having count(*)>1) TO STDOUT WITH CSV HEADER " > /tmp/report_usertoken1.csv


 


Password for user rsa_dba: <enter the com.rsa.db.dba.password string from above>


  • Generate a report for users that have only two tokens assigned:

rsaadmin@am83p:>/opt/rsa/am/pgsql/bin/psql -h localhost -p 7050 -d db -U rsa_dba -c "COPY ( select PD.loginuid from am_token AM join ims_principal_data PD on AM.principal_id=PD.id group by loginuid having count(*)=2) TO STDOUT WITH CSV HEADER " > /tmp/report_usertoken2.csv 


  • Generate a report for users that have exactly three tokens assigned:

rsaadmin@am83p:> /opt/rsa/am/pgsql/bin/psql -h localhost -p 7050 -d db -U rsa_dba -c "COPY ( select PD.loginuid from am_token AM join ims_principal_data PD on AM.principal_id=PD.id group by loginuid having count(*)=3) TO STDOUT WITH CSV HEADER " > /tmp/report_usertoken3.csv


 


  1. The reports are saved in /tmp. You can copy the reports using the WinSCP application to your local PC and view them using Excel.

Attachments

    Outcomes