000036058 - RSA Adaptive Authentication (OnPrem) 7.x: Unlock User feature forces the customer to re-register challenge questions?

Document created by RSA Customer Support Employee on Feb 27, 2018
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000036058
Applies ToRSA Product Set: Adaptive Authentication (OnPrem)
RSA Product/Service Type: Adaptive Authentication (OnPrem)
RSA Version/Condition: 7.x
IssueCustomer asks:
Similar to the “Reset” feature, the “Unlock” feature also forces the customer to re-register challenge questions?
ResolutionThe unlock itself will not force the customer to re-register challenge questions (enrollment).  But a user can only be reset if it has previously been locked.

Locked user scenarios:

  • A user is locked by reaching the threshold of the maximum failed challenge attempts.
  • A user that is locked can be either:
    • Unlocked – The system will mark it as unlocked and after a successful login the user status will be marked as verified.   
        After a successful login and responding the challenge that was failed, the “Failed Challenge” counter will be reset. 
        This will not re-register the questions.
      • In the CSR Admin, press the “Unlock” button.
      • From the API documentation:
           unlockUser Method

The unlockUser method unlocks a user that has been locked out of the system due to failure on the challenge method.

  • Reset – The system will mark it as unverified and the customer will have to re-register the questions.  In the CSR Admin, press the “Reset” button.  This button will only appear when the user is locked.


Enrollment scenarios:

  • A user will be requested for re-enrollment (register the questions) when:
    • First login into the system.
    • User is deleted in the CSR Admin.
    • User is “Reset” in the CSR Admin. 
      • According to the documentation it should be only used when the user is locked and doesn't know the answers to the challenge questions; otherwise, it should be unlocked and will not be requested for enrollment.