000027348 - How to change RSA Authentication Manager 8.x token policies on a subset of users

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Aug 14, 2019
Version 5Show Document
  • View in full screen mode

Article Content

Article Number000027348
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
O/S Version: SUSE
IssueThis articles explains how to:
  • Change token policies on a subset of users
  • Change policies to users in phases
ResolutionTo alter a token policy, find the policy assigned to the Security Domain you want to alter. Keep in mind that a policy can be assigned to more than one Security Domain, and a change to the policy will affect all Security Domains to which the policy is assigned.
  1. Open the Security Console and go to Administration Security Domains Manage Existing.
  2. The existing Security Domains are listed and each can be viewed to show the currently assigned policies.
To alter the token policy,

  1. Go to Authentication Policies >Token Policies Manage Existing.
  2. Edit the policy to which you want to make a change.
  3. Click Save when done.
  4. Apply the token policy to a security domain.

If the policy is assigned to several Security Domains and you want to make a change to the policy for only some of the Security Domains,

  1. Go to Authentication Policies >Token Policies Manage Existing.
  2. Click on the policy and select Duplicate.
  3. Select the desired options on the duplicate policy and click Save.
  4. The policy can now be assigned to the Security Domains to which you want to make changes.
NotesTo move a subset of users to a new Security Domain with a different policy,
  1. Open the Security Console and go to Identity > Users > Manage Existing.
  2. Search for users, using the filters to select the subset of users you want to move.
  3. Check the box next to the users you want to move, and use the pull-down at the top of the screen to select Move to Security Domain....
  4. Click Go.
  5. On the next screen, select the new Security Domain.
  6. Click Move.

IMPORTANT:  Administrators who are scoped to only have access to the previous Security Domain will not have access to the new Security Domain.

Legacy Article IDa54314