|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1
|Issue||When tokens are imported into Authentication Manager, they are set to Disabled by default and are enabled automatically when assigned or edited. However, when users request them through the Self-Service Console with automatic approval (0 steps), the email to the end user requires the user to enable/activate the token.|
This can be confusing to end users and can generate Help Desk calls, especially since the steps to Activate the token are listed first in the email but will not work until token is first set to Enabled. This How To article provides a work-around this situation.
To work around this issue, an Authentication Manager administrator will need to:
|Resolution||Enable unassigned tokens in bulk through the Security Console|
A simple work-around would be enable the tokens in bulk in the Security Console?. Note that a maximum of 500 unassigned tokens can be selected at a time.
After clicking Go, the green check is removed from the Disabled column, indicating the token is now enabled for use. Now the user can successfully request token through Self Service Console.
Enable all disabled tokens through a SQL UPDATE command in the PostgreSQLdatabase
Login to the Authentication Manager primary server via SSH, vSphere or a direct connection as rsaadmin.
Navigate to /opt/rsa/am/utils.
Obtain the database password with the command ./rsautil manage-secrets -a get com.rsa.db.dba.password.
login as: rsaadmin
The list of token serial numbers displayed here should match the tokens shown as Disabled in the Security Console GUI.
Next, update these tokens to be Enabled by setting the IS_ENABLED value from false to true.
db=# UPDATE rsa_rep.AM_TOKEN set IS_ENABLED='t' WHERE IS_ENABLED='f';
Refresh the Security Console and compare the list of tokens with the tokens in the GUI to confirm the token flag was updated successfully and the tokens are now listed as enabled.