000027468 - How to change the failed authentication thresholds in RSA SecurID

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Aug 14, 2019
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000027468
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
  1. How to change the failed authentication thresholds.
  2. Change Next Tokencode threshold.
  3. Change Lockout policy.
Resolution

To change the Next Tokencode threshold for failed authentications, open the Security Console and identify the Token Policy assigned to the Security Domain you want to alter. Keep in mind that a policy can be assigned to more than one Security Domain and that a change to the policy will affect all Security Domains to which the policy is assigned. Go to Administration->Security Domains->Manage Existing. The existing Security Domains are listed and each can be viewed to show the currently assigned policies.

Once you have identified the Token Policy assigned to the Security Domain you want to alter, go to Authentication->Policies->Token Policies->Manage Existing. Click the policy you want to change and click Edit. In the SecurID Token Policy Basics section, change the value for "Require next tokencode after X incorrect passcodes" to the desired value. Click Save. The policy change is immediate.

To change the lockout threshold for failed authentications,  open the Security Console and identify the Token Policy assigned to the Security Domain you want to alter. Keep in mind that a policy can be assigned to more than one Security Domain and that a change to the policy affects all Security Domains to which the policy is assigned. Go to Administration->Security Domains->Manage Existing. The existing Security Domains are listed and each can be viewed to show the currently assigned policies.

Once you have identified the Lockout Policy assigned to the Security Domain you want to alter, go to Authentication->Policies->Lockout Policies->Manage Existing. Click the policy you want to change and click Edit. In the Parameters section, change the value for "Lock accounts after X consecutive failed authentications with X days", Click Save. The policy change is immediate.

Legacy Article IDa54315

Attachments

    Outcomes