000015716 - How do I make the Internal Database password optional?

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000015716
Applies ToRSA Authentication Manager 7.1
RSA Password cannot be used for SecurID authentication
IssueHow do I make the Internal database password optional?

The indicated field(s) on this page require your attention.


  • "Password" is required.
  • "Confirm Password" is required.
Required to enter an RSA password for users in the internal database
Cause

The Identity Management System used in RSA Authentication Manager 7.1 (AM) has to support users in different data stores, (currently the optional data stores are restricted to Microsoft Active Directory and SunOne).  This means that so even though AM does not require a password our optional data stores do. 


The RSA Password may be used to log in to the Security Console and-Self Service Console by administrators and users respectively also if the API is used the the RSA_Password method may be used if the RSA_Password has been set.


Since the existence of this value is dependant on whether the user is stored in the internal database or one of the optional data stores the setting to manage this option is configured in the identity store settings in the Operations Console(OC).

Resolution

You can remove the password requirement from the internal database by logging on to the OC and going to Deployment Configuration>Identity Sources>Manage Existing, then left-click the Internal Database and choose Edit.  Click the "The user password is optional" radio button. 


If you have an administrator logged into the Security Console then they will need to log out and back in to see the changes. 


Now when you create a user in the internal database, the password prompts are replaced by a Manage Password checkbox.  If you need the user to have a password just check "Enable Password" and enter the password as normal.  This last feature is present to allow you to be able to use the features listed above where the RSA Password may be used.

NotesBe careful to plan properly for this type of operation.  Make sure the Security Console and Self Service Console authentication methods have been configured to allow other credentials and that your users have those credentials.  Also, you will always need to have at least one super admin with an internal password, since at the point where the Operations console prompts for a username/password of a user with superadmin privilege that this user must be in the internal database.
Legacy Article IDa44796

Attachments

    Outcomes