Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000027468 - How to change the failed authentication thresholds

Document created by RSA Customer Support

on Jun 14, 2016•Last modified by RSA Customer Support

on Apr 21, 2017

Version 3Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000027468
Applies To	Authentication Manager 7.1 (all)
Issue	How to change the failed authentication thresholds Change Next Tokencode threshold Change Lockout policy
Resolution	To change the Next Tokencode threshold for failed authentications, open the Security Console and identify the Token Policy assigned to the Security Domain you want to alter. Keep in mind that a policy can be assigned to more than one Security Domain, and that a change to the policy will affect all Security Domains to which the policy is assigned. Go to Administration->Security Domains->Manage Existing. The existing Security Domains are listed and each can be viewed to show the currently assigned policies. Once you have identified the Token Policy assigned to the Security Domain you want to alter, go to Authentication->Policies->Token Policies->Manage Existing. Click the policy you want to change and click Edit. In the SecurID Token Policy Basics section, change the value for "Require next tokencode after X incorrect passcodes" to the desired value.Click Save. The policy change is immediate. To change the lockout threshold for failed authentications, open the Security Console and identify the Token Policy assigned to the Security Domain you want to alter. Keep in mind that a policy can be assigned to more than one Security Domain, and that a change to the policy affects all Security Domains to which the policy is assigned. Go to Administration->Security Domains->Manage Existing. The existing Security Domains are listed and each can be viewed to show the currently assigned policies. Once you have identified the Lockout Policy assigned to the Security Domain you want to alter, go to Authentication->Policies->Lockout Policies->Manage Existing. Click the policy you want to change and click Edit. In the Parameters section, change the value for "Lock accounts after X consecutive failed authentications with X days". IMPORTANT - examine the Unlock settings and be sure they match your desired level of security. RSA strongly recommends you require administrators to unlock locked accounts, rather than configuring them to automatically unlock. Click Save. The policy change is immediate.
Legacy Article ID	a54315

Attachments

Outcomes

0 Comments

Recommended Content