000038915 - User is not enrolled for any of the allowed identity confirmation authentication methods error during RSA Authentication Manager Risk Based Authentication

Document created by RSA Customer Support Employee on May 29, 2020
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000038915
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
IssueThe following error displays while authenticating from a client, such as an F5 BIG IP APM, configured for Risk-Based Authentication.

User is not enrolled for any of the allowed identity confirmation authentication methods

User-added image
ResolutionThis error happens when:
  • The authentication generated an assurance level below the configured assurance threshold, AND
  • The user has not configured a secondary challenge (identity confirmation) method for their account.

This error occurs during initial authentication with silent collection disallowed. It can also occur with silent collection allowed, but after the silent collection period has expired and without configuring a secondary challenge method.

If silent collection is not allowed, users must be instructed to configure their secondary challenge methods using the Self-Service Console before their first RBA authentication. If silent collection is allowed, then risk-based enabled clients will prompt a user to set up their identity confirmation method after a high assurance authentication (for example, from a known device). If this has not been done before the silent collection period ends, then the user must use the Self-Service Console to configure their identity confirmation method.
User-added image

NotesIdentity confirmation methods can be security questions, On-Demand Authentication, or both.
User-added image