LDAPv3 User Verification for Cloud Access Service
LDAPv3 User Verification for Cloud Access Service
The identity router verifies the user’s identity source account by checking with the directory server. If the account is enabled, the identity router sends the Authenticate OTP to the Cloud Access Service (CAS) for verification. If your deployment uses an LDAPv3 identity source, RSA checks the following user attributes to determine the user's disabled status.
| Attribute | Setting |
|---|---|
| ds-pwp-account-disabled | true for disabled accounts. |
| nsaccountlock | true for disabled accounts. |
| shadowExpire | 0 for disabled accounts. |
If your LDAPv3 server does not use these attributes to indicate disabled status, RSA treats all users in the identity source as enabled.
Related Articles
Offline days not downloading for RSA Authentication Agent 7.3.x for Windows after enabling Offline Authentication policy i… Number of Views Changing replication status to Out of Sync for RSA Authentication Manager 8.2 or later with a script (Script attached) Number of Views Unsuccessful Registration of the RSA Authenticator app for iOS or Android with a registration code from the Cloud Administ… Number of Views Reporting Engine service is not running due to reportstatusmanager.h2.db corrupt Number of Views Artifacts to gather in RSA Identity Governance & Lifecycle Number of Views
Trending Articles
Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.9 Release Notes (January 2026) Artifacts to gather in RSA Identity Governance & Lifecycle RSA Governance & Lifecycle 8.0.0 Administrators Guide RSA Governance & Lifecycle 8.0.0 Installation Guide
Don't see what you're looking for?
