000038308 - RSA NetWitness GUI does not allow existing external useraccount to log in when Active Directory groups removed and re-added.

Document created by RSA Customer Support Employee on Jan 28, 2020
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000038308
Applies ToRSA Product Set: RSA NetWitness Platform
RSA Product/Service Type: NetWitness GUI
RSA Version/Condition: 11.X
Platform: CentOS
O/S Version: 7
IssueWhen Active Directory groups were removed and re-added in ADMIN->Security->External Group Mapping page, Existing external user account (without domain) gets authentication error while logging in to NetWitness GUI.

However, UserPrincipleName (USER@DOMAIN.COM) able to login GUI.
CauseThis issue is due to existing external user account conflict.

ResolutionWhen external user first time logs in to GUI, useraccount will be created automatically in ADMIN->Security->Users page.
When Active Directory groups removed and re-added. The user account should be recreated during the first login.

Please follow the below steps to allow User (without domain) to login GUI.
  1. Navigate to ADMIN->Security->Users page.
  2. Select all existing old external user accounts (without domain) and delete them.
  3. Verify GUI login with the user account (without domain) which will be a success.
Note: User custom dashboards still exist as earlier access.