RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
After following the steps outlined in the RSA integration guide and configuring SailPoint IdentityIQ to connect with the RSA Authentication Manager API, the following error appears when testing the connection:
"Could not find the realm: SystemDomain"
The error occurs because the RSA Administrator username entered during the SailPoint IdentityIQ configuration does not have sufficient permissions to view Security Domains in RSA Authentication Manager.
This user account is managed through the Security Console, and it must have at least the View permission under Manage Security Domains in their admin's role as shown below:
If the account lacks this permission, it will be unable to retrieve realm details, resulting in the following error when testing the connection:
Could not find the realm: SystemDomain
Granting View access to Security Domains resolves the issue. Assigning broader permissions such as Super Admin is not required.
For steps on how to assign admin roles in RSA Authentication Manager, refer to Add an Administrative Role | RSA Community
The screenshot below shows the administrator account entered in SailPoint IdentityIQ referenced above
To resolve this issue, ensure that the administrator account used in the SailPoint IdentityIQ configuration has permission to view Security Domains in RSA Authentication Manager.
- In the Security Console, click Administration > Administrative Roles > Add New.
-
Under the General Permissions tab, locate the Manage Security Domains section.
-
Enable the View permission for Security Domains.
This level of access should be sufficient to allow IdentityIQ to retrieve realm information.
For detailed steps on how to add or modify an admin role in RSA, refer to the official RSA documentation:
Add an Administrative Role | RSA Community
