000035223 - Error Unable to resolve user by login ID and/or alias, or authenticator not assigned to user when attempting to authenticate with the SecurID Authenticate application via an RSA Authentication Agent

Document created by RSA Customer Support Employee on Jun 6, 2017Last modified by RSA Customer Support Employee on Sep 7, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000035223
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: SecurID Access
IssueAuthentication Manager 8.2.1 or higher has been configured to accept tokencodes generated by the SecurID Authenticate app.  See Configure RSA Authentication Manager to Handle Authenticate Tokencodes.
Users that do not have a SecurID software or hardware token fail to authenticate with their SecurID Authenticate app with the Authentication Manager reporting the following authentication error:
Unable to resolve user by login ID and/or alias, or authenticator not assigned to user
CauseAuthentication Manager users who do not have an active RSA SecurID hardware or software token assigned to them must be explicitly enabled to use the RSA SecurID Authenticate app by an Authentication Manager super admin.
ResolutionUsers without an existing SecurID token must be enabled to use the RSA SecurID Authenticate App with the manage-securid-authenticate-app-provisioning utility as described in the documentation on how to Enable the RSA SecurID Authenticate App for Specific Users
The manage-securid-authenticate-app-provisioning utility can be run on a list of users at any time (before or after users have registered their Authenticate App) and will safely ignore any users that have already been enabled.
NotesThe manage-securid-authenticate-app-provisioning utility processing will generate Authentication Manager administrative log messages such as Create Token, Update Principal  and Link Token with Principal.  Each enabled user will then have a SecurID token of the form "MFA123456789" representing their SecurID Authenticate App.