RSA Cloud Authentication Service password authentication fails due to "LDAP account not permitted to authenticate via this identity router"
Article Number
Applies To
RSA Product/Service Type: Identity Router
RSA Version/Condition: all
Issue
LDAP password authentication failed - LDAP account not permitted to authenticate via this identity routerThe symplified.log of the IDR that processed the LDAP authentication, will log an event similar to the following at the time of the authentication failure:
LDAPException(resultCode=49 (invalid credentials), diagnosticMessage='80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 531, v2580 ', ldapSDKVersion=4.0.6, revision=27850)The event will also appear in the Identity Router System Log at the time of the authentication failure.
Tasks
The "workstation" for the RSA Cloud Authentication Service, is the Identity Router (IDR) that performed the password authentication for that user.
To allow the user to authenticate with the RSA Cloud Authentication Service, the user must be authorized in Active Directory to authenticate through all IDRs in your deployment.
Resolution
- Logon to the Microsoft Active Directory server as an administrator
- Open Active Directory Users and Computers
- Go to View > Advanced Features
- Navigate to the affected user, right-click and choose Properties
- Open the Attribute Editor tab
- Edit the userWorkstations attribute to add the fully-qualified domain name (DNS name) of every IDR.
- DNS names must be separated by a commas
- Alternatively, to allow the user to login to any workstation or via any IDR, delete all existing values for the userWorkstations attribute.
Notes
Related Articles
Request a Cloud Access Service Account Number of Views Users unable to authenticate with LDAP password on both Security Console and Self-Service Console for RSA Authentication M… Number of Views Connection fails to Cloud Authentication Service when connecting through a proxy server from RSA Authentication Manager to… Number of Views Random Rules are failing in RSA Governance & Lifecycle Number of Views Unable to authenticate with Authentication Agent for PAM for SSH due to SELinux Number of Views
Trending Articles
Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.9 Release Notes (January 2026) Artifacts to gather in RSA Identity Governance & Lifecycle RSA Governance & Lifecycle 8.0.0 Administrators Guide RSA Governance & Lifecycle 8.0.0 Installation Guide
Don't see what you're looking for?
