Manage User Authentication Settings
User authentication settings allow you to create exceptions to authentication policies for individual users. These settings also allow you to troubleshoot user authentication issues.
Before you begin
You must have a restricted or unrestricted agent. If you plan to configure a logon alias, the user must belong to a user group that has access to a restricted agent or has been enabled on an unrestricted agent.
Procedure
In the Security Console, click Identity > Users > Manage Existing.
Use the search fields to find the user that you want to manage.
From the search results, click the user that you want to manage.
From the context menu, click Authentication Settings.
If you want to assign a fixed passcode to the user, select the Fixed Passcode checkbox.
Note: RSA recommends that you do not use fixed passcodes because they eliminate all the advantages of two-factor authentication.
Select the Clear Incorrect Passcodes checkbox to clear any incorrect passcodes. The count of incorrect passcodes is reset, and the user is not prompted for the next tokencode. The system also clears this count automatically with each correct passcode. However, if the user continues to enter incorrect passcodes and exceeds the number of failed logon attempts allowed by the lockout policy, the user is locked out of the system.
Note: This operation only clears the existing count. To clear future counts, you must perform the procedure again.
Select Clear cached copy of selected user's Windows credential to clear a cached version of a user's password.
Note: If your deployment uses RSA SecurID for Windows, AM (AM) saves a cached version of the user’s Windows logon password. This information may need to be cleared, if the Windows password has been changed in Active Directory.
If you want to assign a default shell to the user, enter it in the Default Shell field.
Note: The default shell value must follow the accepted naming convention for domain names.
To configure a logon alias for the user:
Select whether you want to allow users to use their own User IDs and the alias.
Note: You can use this option to prevent a conflict between users who share the same default User IDs.
Select the user group to which you want to assign the alias.
In the User ID field, enter the User ID that you want to assign to the alias. In the Shell field, enter the shell that you want assigned to the alias. If you are using RADIUS, from the RADIUS Profile drop-down menu, select the RADIUS profile to assign to the alias. Click Add.
If you use RADIUS, select the RADIUS profile and RADIUS user attributes to assign to the user:
From the User RADIUS Profile drop-down menu, select a RADIUS profile to assign to the user.
Note: If you set up logon aliases for the user and you do not specify a RADIUS profile for each alias in step 9, AM assigns the user RADIUS profile to each alias.
In RADIUS User Attributes, select the attribute that you want to assign to the user, enter the value for the attribute in the Value field, and click Add. RADIUS user attributes take precedence over attributes in a RADIUS profile.
A RADIUS user attribute can be mapped to an identity source attribute. For more information, see Map a RADIUS User Attribute Definition to an Identity Source Attribute.
Click Save.
Related Articles
DSA-2019-018: RSA Authentication Manager Security Update for Multiple Hardware Appliance Firmware Vulnerabilities Number of Views Manage Authentication Sources Number of Views Manage the RSA Authentication API Keys (Legacy Clients) Number of Views Manage PINs for Approve and Device Biometrics Authentication Number of Views Manage Legacy Clients (API Keys) Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) How to install the jTDS JDBC driver on WildFly for use with Data Collections in RSA Identity Governance & Lifecycle RSA Authentication Manager 8.8 Setup and Configuration Guide Artifacts to gather in RSA Identity Governance & Lifecycle
