000024043 - How to auto-disable inactive accounts in RSA Authentication Manager

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000024043
Applies ToRSA Authentication Manager Administration Toolkit
IssueHow to auto-disable inactive accounts in RSA Authentication Manager
No setting available in RSA Authentication Manager to disable accounts after a specified period of inactivity
ResolutionThere are 2 feasible approaches to accomplishing this goal utilizing the RSA Authentication Manager Administration Toolkit:

1. Write a program or script (Administration Toolkit has C and TCL interfaces) that utilizes function Sd_ListTokensByField to get a list of all enabled tokens. Go through the list and determine the last time it was used via Sd_ListTokenInfo and use Sd_DisableToken to disable any that have been inactive for greater than some threshold (like 90 days). Your Authentication Manager documentation includes the Administration Toolkit Reference Guide that details the Administration Toolkit.

2. Purchase RSA's AceBulkAdmin utility through your RSA Sales Representative (created by RSA Professional Services Organization). This is a TCL script built on top of the Administration Toolkit that includes a function to delete inactive accounts (reference AceBulkAdmin function Multiple Token Disable).
Legacy Article IDa31057