Authentication to restricted agents with Active Directory users fails in Authentication Manager 8.1
Originally Published: 2016-06-15
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1 or later
Issue
- Authentication to restricted agents with users in AD is failing with the following error:
Principal does not belong to any groups activated on restricted agent
- The system activity monitor shows a failure to read the identity source group:
- Granting access to some groups via Access > Authentication Agents > Manage Existing, selecting the Restricted tab, choosing Grant Access to More User Groups, and selecting the group(s) returns the following error:
There was a problem processing your request.
The identity source association of the user group <group_name> has changed. Run the Scheduled Identity Source cleanup job to update the User Group association. You must re-configure the group data related to Authentication Manager, for example access to restricted agents, restricted access times and notes.
- Test connections in Operations Console are all successful
- Running Clean Up Unresolvable Users or restarting services doesn't help.
Cause
Resolution
- In the Security Console, navigate to Setup > Identity Sources > Schedule Cleanup.
- Click the Schedule Cleanup checkbox and set the Run Time for the job.
- When done, click Save.
- Navigate to Administration > Batch Job to check that the batch job is complete.
- Select user groups to grant access to the restricted authentication agents. Select Access > Authentication Agents > Manage Existing.
- Click the Restricted tab and select Grant Access to More User Groups from the Action Menu.
- Search and select group(s) then click Grant Access to User Groups.