Repair an RSA Trusted Realm
In RSA Authentication Manager, you can use the repair feature to enter new information about an RSA trusted realm. For example, you can update the hostname or IP address used to contact the Cloud Authentication Service.
If RSA AM has a new IP address or netmask, then you must provide this information to a Cloud Authentication Service administrator.
Before you begin
- This procedure requires the rsaadmin password.
- You must be a Super Admin or a Trust Administrator.
Procedure
- Log on to the appliance with the User ID rsaadmin and the operating system password that you defined during Quick Setup.
- Change directories to /opt/rsa/am/utils. Type:
cd /opt/rsa/am/utils/
and press ENTER.
- Modify the trusted realm. Type:
./rsautil manage-securid-access-trusts -a repair -t trusted_realm
where trusted_realm is the name of the RSA trusted realm that needs to be modified.
and press ENTER. You are prompted for the required information.
Note: Although it is possible to enter the administrator password on the command line along with the other options, this creates a potential security vulnerability. RSA recommends that you enter passwords only when prompted.
- When prompted, enter the Super Admin or Trust Administrator username, and press ENTER.
- When prompted, enter the Super Admin or Trust Administrator password, and press ENTER.
- When the RSA trusted realm is located, you are prompted to enter updated values for the following items:
- RSA REST API URL Prefix used to contact the Cloud Authentication Service. You might want to update the hostname or IP address.
- The Access ID and Access Key provided by the Cloud Authentication Service Super Admin.
- Trusted realm name.
- Whether the trusted realm is enabled.
- Whether the trusted realm is enabled for authentication.
- Optional notes.
Press ENTER for each item that you do not want to update.
- After the trusted realm is updated, RSA Authentication Manager tests the connection to the trusted realm. After 30 seconds, a message indicates whether the connection test succeeded or failed.
If the connection test fails, you can view the details in the imsTrace.log file in the /opt/rsa/am/server/logs directory.
- To verify the changed details in the Security Console, click Administration > Trusted Realms > Manage Existing.
Related Articles
Unable to remove a local entitlement linked to an account that no longer exists in RSA Governance & Lifecycle Number of Views How to manually sync a replica in an RSA Authentication Manager 8.x deployment with one or more replicas Number of Views Replacing the server certificate used for the RSA Identity Governance & Lifecycle appliance web administration interface Number of Views Unable to re-use a deleted account name if the account was previously disabled in RSA Identity Governance & Lifecycle Number of Views User changes his mobile device in RSA Cloud Authentication Service Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
