Unable to Resolve User by Login ID and/or Alias or Authenticator Not Assigned to User When Attempting to Authenticate via an RSA Authentication Agent
a day ago
Originally Published: 2017-06-05
Article Number
000050022
Applies To
RSA Product Set: SecurID Access
RSA Product/Service Type: Authentication Manager
RSA Version/Condition:  8.6, 8.7 and 8.8


 

Issue
Users attempting to authenticate using the RSA SecurID Authenticate app fail to log in, and Authentication Manager reports an authentication error.
 
Observable symptoms:
  • Authentication attempt fails with no access granted
  • Authentication Manager logs the following error:

Unable to resolve user by login ID and/or alias, or authenticator not assigned to user
ℹ️ NOTE: This issue affects users who do not have an active RSA SecurID hardware or software token assigned to them. Users with an existing token are not affected.
Cause

RSA Authentication Manager users who do not have an active RSA SecurID hardware or software token assigned to them must be explicitly enabled to use the RSA SecurID Authenticate app by an Authentication Manager super admin.

 

Resolution
ℹ️ NOTE: This procedure must be performed by an Authentication Manager Super Admin.
 
Step 1: Log in to the Authentication Manager Security Console as a Super Admin.
 
Step 2: Run the manage-securid-authenticate-app-provisioning utility for the affected user(s). For full instructions, see Enable the RSA SecurID Authenticate App for Specific Users  — this article covers how to run the utility for individual users or a bulk user list.
 
ℹ️ NOTE: The utility can be run at any time — before or after users have registered their Authenticate app. It will safely ignore any users who have already been enabled.
 
Step 3:  Ask the affected user(s) to retry authentication using the RSA SecurID Authenticate app.
 
Step 4 Verify: Confirm the user can successfully authenticate. Authentication Manager should no longer log the error:
Unable to resolve user by login ID and/or alias, or authenticator not assigned to user


 

Notes
Admin Log Messages: When the manage-securid-authenticate-app-provisioning utility runs, Authentication Manager generates the following administrative log messages: Create Token, Update Principal, and Link Token with Principal.
Token Format: Each successfully enabled user will have a SecurID token assigned in the format MFA123456789, representing their RSA SecurID Authenticate App registration.