000038501 - Authentication failed error when attempting to log in to the RSA SecurID Access Cloud Administration Console

Document created by RSA Customer Support Employee on Feb 24, 2020
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000038501
Applies ToRSA Product Set: RSA SecurID Access
RSA Product/Service Type: Cloud
IssueAfter enabling additional (step-up) authentication for the Cloud Administration Console, or after changing a setting, such as the Access Policy for additional authentication or the Assurance Level that it uses, one or more administrators are unable to log in to the Cloud Administration Console.

The following error shows when attempting to log in to the console after using the Forgot Password link:

Authentication failed
CauseThe Access Policy that is configured for step-up authentication denies the authentication. Some examples of why this may occur include:
  • The user is not in a target population that is configured in the Access Policy that can access the Cloud Administration Console.
  • The login attempt matches a Deny Access rule that is configured in the Access Policy. For example, logging in from a country that is denied access, or the user's network is not on the Trusted Network list.
  • The login attempt matches an Authenticate rule, but the configured Assurance Level only allows authentication methods that are not available to the administrator's user. For example,
    • Approve when the administrator's user does not have a registered RSA Authenticate app device, or
    • RSA SecurID when the administrator's user does not have an assigned RSA SecurID token.
ResolutionFollow the instructions for Troubleshooting Cloud Administration Console Issues to resolve the issue.