000032606 - Multi-user device binding scenario in RSA Adaptive Authentication (On Prem)

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000032606
Applies To: RSA Product Set: Adaptive Authentication (OnPrem)
RSA Product/Service Type: Adaptive Authentication (OnPrem)
RSA Version/Condition: 7.x
Issue: Some organizations or households have a single computer that everyone shares. AAOP has a feature that supports this "husband and wife" scenario. The feature depends on each subsequent user of the machine being created on, or bound to, the desktop/browser by using the deviceTokenCookie from the previous user. It works with two or more users on the same device.
Tasks: When first enrolling, or when first using a new browser that others also use, do not clear the cookies if you plan to bind to the device. Using the other person's cookie ensures the new user is bound to the same device and prevents another desktop from being created. Clearing cookies causes a new desktop to be created in the database; then, when you or another user on the device tries to authenticate, a device token mismatch occurs and the binding is removed.
Resolution: If you keep losing your binding, try the following:
  1. Clear all cookies and Flash shared objects from the browser.
  2. Have another, already bound user log in using the same device and browser. Device recovery should work if they are bound.
  3. Have them log off.
  4. Without clearing the browser cookies and Flash shared objects, log in and bind to the device.
Both users should now be bound to the same desktop. Each user should be able to log in and be recognized as bound even after the other bound user has used the device.
A new user who clears cookies first and then binds could break the next user's binding, since a new desktop would be created. Using the previous user's device token cookie ensures they are bound to the same device in the database and avoids extra challenges.