000033727 - Removing An Unwanted Identity Source From RSA Authentication Manager 8.x

Document created by RSA Customer Support Employee on Aug 20, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000033727
Applies ToRSA Product Set : SecurID
RSA Product/Service Type : RSA Authentication Manager
RSA Version/Condition: 8.1 Service Pack 1
Platform : SUSE Enterprise Linux
O/S Version : 11 Service Pack 3
Product Description : SecurID Appliance
IssueAn administrator would like to remove an unwanted identity source configuration from the RSA Authentication Manager deployment.
ResolutionAn administrator cannot simply remove an identity source due to users possibly still being registered in the authentication manager database. The following steps work where the identity source is still available and linked to the authentication manager primary instance.
  1. Update the Directory Configuration – Users search filter from (&(objectClass=User)(objectcategory=person)) to (&(objectClass=User)(objectcategory=person)(!(samAccountName=*))) ensures no user data is mapped from the identity source.
Locating the search filter in the Operations Console > Deployment Configuration > Identity Sources > Manage Existing > enter superadmin account credentials > left-click the Identity Source name > Edit > Map tab


  1. Check no users are searchable for the identity source in question using the Security Console > Identity > Users > Manage Existing > enter Search Criteria to search the identity source > Search.
User-added image

  1. Clean Up Unresolvable Users for the identity source in question. Security Console > Setup > Identity Sources > Clean Up Unresolvable Users > select the Identity Source in question and uncheck the Grace Period
User-added image

  1. Now the administrator is in a position to unlink the identity source from the Security Console. 
In the Security Console > Setup > Identity Sources > Link Identity Source to System > highlight identity source name in Linked and click the arrowcid:image010.png@01D14304.C84C5170 to move the identity source to Available.


  1. Now the identity source can be removed from the Operations Console.
In the Operations Console > Deployment Configuration > Identity Sources > Manage Existing > left-click Identity Source name and select Delete > Delete Identity Source Confirmation- check Yes, delete the identity source and click Delete Identity Source button.
User-added image
The identity source has now been removed from the authentication manager deployment.
NotesAs a good practice please make a backup of the authentication manager database prior to any changes and this task can be performed in the Operations Console > Maintenance > Backup and Restore > Back Up Now