Query for users with tokens and enabled for On-Demand Authentication in RSA Authentication Manager 8.2
Originally Published: 2017-03-22
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1, 8.2
Issue
Customer use case
In order to save ODA licenses we need to know:- Which users haven't used ODA in more than 90 days
- Which users have both token and ODA
Resolution
- Upload the odauserswithtokens.txt file (attached) to the primary Authentication Manager server's /home/rsaadmin directory.
- If using Filezilla, set up a site as SFTP, use rsaadmin to login.
- Logon to the Authentication Manager 8.x primary via SSH as rsaadmin (Note: SSH must be enabled via the Operations Console under Administration > Operating System Access).
- Determine an Authentication Manager 8.x database password as shown in following example. The output password will be different than the example value shown here):
/opt/rsa/am/utils/rsautil manage-secrets -a get com.rsa.db.dba.password Please enter OC Administrator username: <enter Operations Console administrator name> Please enter OC Administrator password: <enter Operations Console administrator password> com.rsa.db.dba.password: GrcvNN2FUAsWjyPfhaIsSWvjvZhvtN
- Execute the following query. You will be prompted for the database password output in the previous step.
/opt/rsa/am/pgsql/bin/psql -h localhost -p 7050 -d db -U rsa_dba -f ~/odauserswithtokens.txt > ~/odauserswithtokens.html com.rsa.db.dba.password: GrcvNN2FUAsWjyPfhaIsSWvjvZhvtN
- This will direct the odauserswithtokens.html file into the rsaadmin user's home directory /home/rsaadmin.
- Connect to the Authentication Manager server using a file transfer client, such as Filezilla, and download the odauserswithtokens.html file.
Actual Query
SELECT am_sms_authenticators.last_login_date, am_token.token_type, am_token.serial_number, am_token.token_shutdown_date, am_sms_authenticators.last_updated_on, am_sms_authenticators.sms_enabled_on, am_token.last_updated_on, ims_principal_data.loginuid FROM rsa_rep.am_principal, rsa_rep.am_sms_authenticators, rsa_rep.am_token, rsa_rep.ims_principal_data WHERE am_principal.id = am_sms_authenticators.principal_id AND am_sms_authenticators.principal_id = am_token.principal_id AND am_token.principal_id = ims_principal_data.id;
Related Articles
XML files are filling up the D:\tmp\ directory in RSA enVision Core 4.0.0 Number of Views Delete an Administrative Role Number of Views RSA Identity Governance and Lifecycle for Active Directory Collectors logs "REFERRAL set to : true" when referrals are di… Number of Views Identity Attribute Definitions for On-Demand Tokencode Delivery by Text Message Number of Views All change requests are stalled or in open state in RSA Identity Governance and Lifecycle Number of Views
Trending Articles
Troubleshooting RSA SecurID Access Identity Router to RSA Authentication Manager test connection failures RSA SecurID Software Token 5.0.2 Downloads for Microsoft Windows RSA Authentication Manager 8.9 Release Notes (January 2026) Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.8 Setup and Configuration Guide
Don't see what you're looking for?
