000014244 - New pin cancelled for user

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000014244
Applies ToRSA Authentication Manager 7.1
RSA SecurID Appliance 3.0
IssueNew pin cancelled for user
CauseThere is a setting in the RADIUS module to disallow system generated, this may be clashing with a token plocy which is applied to the specific user where the user must have a system generatd PIN.

The common resolution is simply to ensure that user generated PINs are used.  This is done by altering the policy which applies to a user.  Be careful when reviewing policies (in the Security Console under Authentication>Policies>Token Policies>Manage Existing, just because a policy is marked as "Default" will not mean that this is the policy which applies to a specific user, some other administrator may have configured the user to use a specific non-default policy.

Go to Identities>Users>Manage Existing

Query the system to display the user with the problem

Use the Context Sensitive menu next to the userID and select View Associated Policies

Select the Token Policy tab and review the settings under the SecurID PIN ViewPolicyFormat section for the PIN Creation Method

If the setting says Require system-generated PIN then look at the SecurID Token Policy Basics  at the top of the form for the policy name which needs to be adjusted

WorkaroundA user is in New PIN mode and authenticating via RADIUS
NotesChanging policies seems to take longer to replicate than  other information. Make sure you flush all cache objects, and allow enough time for re-Replication.
Legacy Article IDa46728