Enable system-generated PINs for RADIUS in RSA Authentication Manager 8.x
Originally Published: 2015-12-26
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
New PIN cancelled for user
Resolution
You can edit this file from Operations Console by navigating to Deployment Configuration > RADIUS Server or you can edit /opt/rsa/am/radius/securid.ini via SSH.
From the UI
- Login to the primary Authentication Manager Operations Console.
- Select Deployment Configuration > RADIUS Servers > Edit RADIUS Server.
- Click the drop down arrow on the primary Authentication Manager server and choose Manage Server Files.
- Click on the drop down arrow next to the securid.ini file and choose Edit.
- Look for AllowSystemPins = 0.
- If the line is commented out with a semicolon, remove the semicolon.
- Change the 0 to a 1.
- When done, click Save & Restart RADIUS Server. This restart allows the change to take effect.
- From the primary's Operations Console, repeat steps 1 - 8 for each replica.
From an SSH session
- Using 000038244 - SSH to an RSA Authentication Manager server, connect to the primary RSA Authentication Manager server.
- Login to the primary server:
login as: rsaadmin Using keyboard-interactive authentication. Password: <enter operating system password> Last login: Wed Dec 18 16:39:41 2019 from jumphost.vcloud.local RSA Authentication Manager Installation Directory: /opt/rsa/am
- Navigate to /opt/rsa/am/radius/securid.ini.
- Open the securid.ini file in a text editor:
rsaadmin@am84p:/opt/rsa/am/utils> cd /opt/rsa/am/radius rsaadmin@am84p:/opt/rsa/am/radius> vi securid.ini
- Search for the text of AllowSystemPins = 0.
- Press i to enter Insert mode.
- If the line is commented out with a semicolon, remove the semicolon.
- Change the 0 to a 1.
- Press Esc then type :wq! to save changes and close the file.
- Navigate to /opt/rsa/am/server:
rsaadmin@am84p:/opt/rsa/am/utils> cd /opt/rsa/am/server
- Restart the RADIUS server for the change to take effect:
rsaadmin@am84p:/opt/rsa/am/server> ./rsaserv restart radius
- Open an SSH session to each replica and repeat steps 1 - 8.
Related Articles
How to configure an RSA Authentication Manager 8.1 server to accept a system-generated PIN when a token is in new PIN mode… Number of Views RSA Identity Governance & Lifecycle aveksaServer.log file filling with warning messages "Logging event having message" and… Number of Views AFX Server remains in a 'Not running' State, afx status shows 'timed out waiting for AFX applications to start' and mule_e… Number of Views
Trending Articles
Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.9 Release Notes (January 2026) Artifacts to gather in RSA Identity Governance & Lifecycle RSA Governance & Lifecycle 8.0.0 Administrators Guide RSA Governance & Lifecycle 8.0.0 Installation Guide
Don't see what you're looking for?
