RSA Cloud Authentication Service password authentication fails due to "LDAP account not permitted to authenticate via this identity router"
Article Number
Applies To
RSA Product/Service Type: Identity Router
RSA Version/Condition: all
Issue
LDAP password authentication failed - LDAP account not permitted to authenticate via this identity routerThe symplified.log of the IDR that processed the LDAP authentication, will log an event similar to the following at the time of the authentication failure:
LDAPException(resultCode=49 (invalid credentials), diagnosticMessage='80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 531, v2580 ', ldapSDKVersion=4.0.6, revision=27850)The event will also appear in the Identity Router System Log at the time of the authentication failure.
Tasks
The "workstation" for the RSA Cloud Authentication Service, is the Identity Router (IDR) that performed the password authentication for that user.
To allow the user to authenticate with the RSA Cloud Authentication Service, the user must be authorized in Active Directory to authenticate through all IDRs in your deployment.
Resolution
- Logon to the Microsoft Active Directory server as an administrator
- Open Active Directory Users and Computers
- Go to View > Advanced Features
- Navigate to the affected user, right-click and choose Properties
- Open the Attribute Editor tab
- Edit the userWorkstations attribute to add the fully-qualified domain name (DNS name) of every IDR.
- DNS names must be separated by a commas
- Alternatively, to allow the user to login to any workstation or via any IDR, delete all existing values for the userWorkstations attribute.
Notes
Related Articles
Users unable to authenticate with LDAP password on both Security Console and Self-Service Console for RSA Authentication M… Number of Views Request a Cloud Access Service Account Number of Views Backup fails with an error: "Command failed due to timeout of 3600000 milliseconds" on RSA Authentication Manager in 8.4 Number of Views Connection fails to Cloud Authentication Service when connecting through a proxy server from RSA Authentication Manager to… Number of Views Guide to Microsoft Active Directory LDAP synchronization with RSA Authentication Manager Number of Views
Trending Articles
RSA Authentication Manager 8.9 Release Notes (January 2026) RSA announces the availability of the RSA SecurID Hardware Appliance 230 based on the Dell PowerEdge R240 Server How to troubleshoot Oracle database ORA-04030 errors in RSA Identity Governance & Lifecycle RSA Authentication Manager Upgrade Process Microsoft SQL Server Collectors can no longer connect to the SQL Server database after upgrade to Microsoft SQL Server 201…
Don't see what you're looking for?
