|Applies To||RSA Product Set: SecurID Access|
|Issue||When attempting to access the IDR-hosted application portal with additional authentication required (or an application in the portal that requires additional authentication) the following error occurs:|
The /var/log/symplified/symplified.log includes a message like:
2018-04-05/18:50:20.627/UTC [ajp-bio-8009-exec-7] WARN com.symplified.service.appliance.cloudmfa.CloudMFAUtils - Failed strong authentication: AUTHN_ATTEMPT_ID_NOT_FOUND
The User Event Monitor shows an authentication failure with Authentication Details AUTHN_ATTEMPT_ID_NOT_FOUND.
|Cause||Possible causes are:|
|Resolution||First, use the Cloud Administration Console's User > Management page or run User Reports to check for user status, devices registered to a user, and to check for duplicate user id's. This will allow you to determine which possible cause applies.|
Next, take the appropriate step below, depending on the cause of the issue, to ensure the user is correctly sync'd to the Cloud.
Follow the steps in Manually Synchronize an Identity Source for the Cloud Authentication Service to create a record of the user in the SecurID Access cloud service.
Ensure that the user has a device registered to perform the required additional authentication. For example, see RSA SecurID Authenticate Device Registration Overview if approve (push notification) or authenticate tokencodes are allowable authentication methods.
Delete the unwanted user from the Cloud Authentication Service, and from the identity source.
Lastly, ensure that the user has the ability to perform the required additional authentication. For example, see RSA SecurID Authenticate Device Registration Overview if approve (push notification) or authenticate tokencodes are allowable authentication methods, or ensure the user's correct telephone is registered for SMS or Voice Token Code authentication.