000027468 - How to change the failed authentication thresholds

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000027468
Applies ToAuthentication Manager 7.1 (all)
IssueHow to change the failed authentication thresholds
Change Next Tokencode threshold
Change Lockout policy
Resolution

To change the Next Tokencode threshold for failed authentications, open the Security Console and identify the Token Policy assigned to the Security Domain you want to alter. Keep in mind that a policy can be assigned to more than one Security Domain, and that a change to the policy will affect all Security Domains to which the policy is assigned. Go to Administration->Security Domains->Manage Existing. The existing Security Domains are listed and each can be viewed to show the currently assigned policies.

Once you have identified the Token Policy assigned to the Security Domain you want to alter, go to Authentication->Policies->Token Policies->Manage Existing. Click the policy you want to change and click Edit. In the SecurID Token Policy Basics section, change the value for "Require next tokencode after X incorrect passcodes" to the desired value.Click Save. The policy change is immediate.


To change the lockout threshold for failed authentications,  open the Security Console and identify the Token Policy assigned to the Security Domain you want to alter. Keep in mind that a policy can be assigned to more than one Security Domain, and that a change to the policy affects all Security Domains to which the policy is assigned. Go to Administration->Security Domains->Manage Existing. The existing Security Domains are listed and each can be viewed to show the currently assigned policies.

Once you have identified the Lockout Policy assigned to the Security Domain you want to alter, go to Authentication->Policies->Lockout Policies->Manage Existing. Click the policy you want to change and click Edit. In the Parameters section, change the value for "Lock accounts after X consecutive failed authentications with X days". IMPORTANT - examine the Unlock settings and be sure they match your desired level of security. RSA strongly recommends you require administrators to unlock locked accounts, rather than configuring them to automatically unlock. Click Save. The policy change is immediate.

Legacy Article IDa54315

Attachments

    Outcomes