|Applies To||RSA Authentication Manager Administration Toolkit|
|Issue||How to auto-disable inactive accounts in RSA Authentication Manager|
No setting available in RSA Authentication Manager to disable accounts after a specified period of inactivity
|Resolution||There are 2 feasible approaches to accomplishing this goal utilizing the RSA Authentication Manager Administration Toolkit:|
1. Write a program or script (Administration Toolkit has C and TCL interfaces) that utilizes function Sd_ListTokensByField to get a list of all enabled tokens. Go through the list and determine the last time it was used via Sd_ListTokenInfo and use Sd_DisableToken to disable any that have been inactive for greater than some threshold (like 90 days). Your Authentication Manager documentation includes the Administration Toolkit Reference Guide that details the Administration Toolkit.
2. Purchase RSA's AceBulkAdmin utility through your RSA Sales Representative (created by RSA Professional Services Organization). This is a TCL script built on top of the Administration Toolkit that includes a function to delete inactive accounts (reference AceBulkAdmin function Multiple Token Disable).
|Legacy Article ID||a31057|