|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
|Issue||The following error displays while authenticating from a client, such as an F5 BIG IP APM, configured for Risk-Based Authentication.|
User is not enrolled for any of the allowed identity confirmation authentication methods
|Resolution||This error happens when:|
This error occurs during initial authentication with silent collection disallowed. It can also occur with silent collection allowed, but after the silent collection period has expired and without configuring a secondary challenge method.
If silent collection is not allowed, users must be instructed to configure their secondary challenge methods using the Self-Service Console before their first RBA authentication. If silent collection is allowed, then risk-based enabled clients will prompt a user to set up their identity confirmation method after a high assurance authentication (for example, from a known device). If this has not been done before the silent collection period ends, then the user must use the Self-Service Console to configure their identity confirmation method.
|Notes||Identity confirmation methods can be security questions, On-Demand Authentication, or both.|