000038833 - Trusted Network policy attribute does not work correctly with applications configured after disabling Identity Confidence Collection with the RSA SecurID Access Application Portal

Document created by RSA Customer Support Employee on May 7, 2020
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000038833
Applies ToRSA Product Set: SecurID Access
RSA Product/Service Type: Cloud Authentication Service, Identity Router
RSA Version/Condition: Identity Router
IssueThere are unexpected results when accessing an application configured with the Application Portal that uses an access policy with the Trusted Network conditional policy attribute.

For example, the access policy is configured to allow access to users on a trusted network. Instead, users are denied access or prompted for multifactor authentication (MFA) when trying to access the application from a trusted network.
CauseThis behavior is due to a software defect (NGX-46349) that can occur on identity routers running software version if Identity Confidence Collection is disabled on the Cloud Administration Console.

To confirm the setting,
  1. Launch the Cloud Administration Console.
  2. Go to My Account > Company Settings > Company Information > Identity Confidence Collection.

To verify the software version of an identity router,
  1. Launch the Cloud Administration Console.
  2. Go to Platform > Identity Routers.
  3. Click the dropdown arrow next to the identity router's name.
  4. Select Software Version.
ResolutionDefect NGX-46349 will be addressed in a future version of the identity router. Once addressed, Identity Confidence Collection can be disabled without impacting access policies that use the Trusted Network policy attribute.
WorkaroundAs a workaround, enable Identity Confidence Collection, save the settings, and publish the changes.