on Jun 14, 2016Article Content
| Article Number | 000014244 |
| Applies To | RSA Authentication Manager 7.1 RSA SecurID Appliance 3.0 RADIUS |
| Issue | New pin cancelled for user |
| Cause | There is a setting in the RADIUS module to disallow system generated, this may be clashing with a token plocy which is applied to the specific user where the user must have a system generatd PIN. |
| Resolution | The common resolution is simply to ensure that user generated PINs are used. This is done by altering the policy which applies to a user. Be careful when reviewing policies (in the Security Console under Authentication>Policies>Token Policies>Manage Existing, just because a policy is marked as "Default" will not mean that this is the policy which applies to a specific user, some other administrator may have configured the user to use a specific non-default policy. Go to Identities>Users>Manage Existing Query the system to display the user with the problem Use the Context Sensitive menu next to the userID and select View Associated Policies Select the Token Policy tab and review the settings under the SecurID PIN ViewPolicyFormat section for the PIN Creation Method If the setting says Require system-generated PIN then look at the SecurID Token Policy Basics at the top of the form for the policy name which needs to be adjusted |
| Workaround | A user is in New PIN mode and authenticating via RADIUS |
| Notes | Changing policies seems to take longer to replicate than other information. Make sure you flush all cache objects, and allow enough time for re-Replication. |
| Legacy Article ID | a46728 |