000031420 - Users show as disabled after enabling them from dashboard or by editing them in RSA Authentication Manager 8.x

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support on Jan 9, 2020.
Version 7

Article Content

Article Number: 000031420
Applies To: RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue: Users in a newly attached external identity source show as disabled, and administrators cannot manage or edit the users in RSA Authentication Manager.
Cause: This is a permissions issue with the LDAP service account used to manage Active Directory on RSA Authentication Manager from the Operations Console.
Resolution:
  1. In the external identity source (Active Directory in the example below), make sure that the group of users is managed by the administrator (service account) who has full read permissions on the group:

[Screenshot: Group Properties]

[Screenshot: Admin Group permissions]

  1. Log in to the primary Authentication Manager Operations Console and select Deployment Configuration > Identity Source > Manage Existing.
  2. Click the context arrow next to the identity source in question and click Edit.
  3. Click on the Map tab.
  4. Scroll down to the section labeled Directory Settings.
  5. Set the User Account Enabled State to Manage in Directory and Internal database. This specifies where Authentication Manager looks for the enabled/disabled state of user accounts.
  6. Click Save.
  7. Select the Home tab on the Operations Console and click Flush Cache.
  8. Choose to flush all cache objects and click Flush.
  9. Wait for five minutes to ensure all cached objects have been cleared.
  10. Go back to the Security Console and attempt to enable or manage a user.
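
To check the read permissions described in the Cause and in the first resolution step, the following added example (not RSA's code) classifies the LDIF that a directory search returns when bound as the service account. It assumes Active Directory's standard `userAccountControl` attribute, where bit 0x2 marks a disabled account; that Authentication Manager reads this attribute for the enabled state is an assumption, and all host names, account names and DNs are constructed.

```python
# Added example: classify what the LDAP service account can read for each user.
ACCOUNTDISABLE = 0x0002  # Active Directory userAccountControl flag for a disabled account

# Constructed sample. Real input would come from a search bound as the service account, e.g.
#   ldapsearch -H ldaps://dc.example.com -D svc-rsa@example.com -W \
#     -b "OU=Staff,DC=example,DC=com" "(objectClass=user)" sAMAccountName userAccountControl
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Staff,DC=example,DC=com
sAMAccountName: alice
userAccountControl: 512

dn: CN=Bob Example,OU=Staff,DC=example,DC=com
sAMAccountName: bob
userAccountControl: 514

dn: CN=Carol Example,OU=Staff,DC=example,DC=com
sAMAccountName: carol
"""

def parse_entries(ldif):
    """Split LDIF text into one {attribute: value} dict per entry.
    Folded lines and base64 ('::') values are not handled in this sketch."""
    entries = []
    for block in ldif.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            key, value = line.split(": ", 1)
            entry[key.lower()] = value.strip()
        if "dn" in entry:  # skips ldapsearch's trailing "search:/result:" block
            entries.append(entry)
    return entries

def classify(entry):
    """'unreadable' means the bind account was not allowed to see the attribute."""
    uac = entry.get("useraccountcontrol")
    if uac is None:
        return "unreadable"
    return "disabled" if int(uac) & ACCOUNTDISABLE else "enabled"

def report(ldif):
    return {e.get("samaccountname", e["dn"]): classify(e) for e in parse_entries(ldif)}

if __name__ == "__main__":
    for user, state in report(SAMPLE_LDIF).items():
        print(f"{user:10} {state}")
```

A user reported as `unreadable` points to missing read permissions for the service account rather than to an account that is actually disabled in the directory.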