Unable to Resolve User by Login ID and/or Alias or Authenticator Not Assigned to User When Attempting to Authenticate via an RSA Authentication Agent
Originally Published: 2017-06-05
Article Number
Applies To
RSA Product Set: SecurID Access
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.6, 8.7 and 8.8
RSA Version/Condition: 8.6, 8.7 and 8.8
Issue
Users attempting to authenticate using the RSA SecurID Authenticate app fail to log in, and Authentication Manager reports an authentication error.
Observable symptoms:
- Authentication attempt fails with no access granted
- Authentication Manager logs the following error:
Unable to resolve user by login ID and/or alias, or authenticator not assigned to user
ℹ️ NOTE: This issue affects users who do not have an active RSA SecurID hardware or software token assigned to them. Users with an existing token are not affected.
Cause
RSA Authentication Manager users who do not have an active RSA SecurID hardware or software token assigned to them must be explicitly enabled to use the RSA SecurID Authenticate app by an Authentication Manager super admin.
Resolution
ℹ️ NOTE: This procedure must be performed by an Authentication Manager Super Admin.
Step 1: Log in to the Authentication Manager Security Console as a Super Admin.
Step 2: Run the
manage-securid-authenticate-app-provisioning utility for the affected user(s). For full instructions, see Enable the RSA SecurID Authenticate App for Specific Users — this article covers how to run the utility for individual users or a bulk user list.ℹ️ NOTE: The utility can be run at any time — before or after users have registered their Authenticate app. It will safely ignore any users who have already been enabled.
Step 3: Ask the affected user(s) to retry authentication using the RSA SecurID Authenticate app.
Step 4 Verify: Confirm the user can successfully authenticate. Authentication Manager should no longer log the error:
Unable to resolve user by login ID and/or alias, or authenticator not assigned to user
Notes
Admin Log Messages: When the
manage-securid-authenticate-app-provisioning utility runs, Authentication Manager generates the following administrative log messages: Create Token, Update Principal, and Link Token with Principal.Token Format: Each successfully enabled user will have a SecurID token assigned in the format
MFA123456789, representing their RSA SecurID Authenticate App registration.Related Articles
RSA Authentication Manager – Unable to Add or Manage Users with Error “The specified ID is already in use” 5.21KNumber of Views Unable to login to RSA Authentication Manager Security Console as super admin 5.23KNumber of Views Download RSA SecurID Access Cloud User Event audit logs using Cloud Administration REST API CLU 1.93KNumber of Views Duplicate User ID error when running All Users report in RSA Authentication Manager 8.x 1.71KNumber of Views Cannot add or manage a user with user ID <UserID>. User IDs must be unique within a deployment. This user ID is already in… 2.07KNumber of Views
Trending Articles
RSA Release Notes for RSA Authentication Manager 8.8 RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager Upgrade Process Authentication Manager Security Console and Operations Console Inaccessible After Certificate Update RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide
Don't see what you're looking for?