Manual Cleanup for Unresolvable Users

RSA recommends cleaning up unresolvable users for the following reasons:

  • Unresolvable users count against the license user limit. After cleaning up unresolvable users, the count is reduced, and you can register more users in your deployment.

  • Tokens assigned to unresolvable users remain assigned to them. After cleaning up unresolvable users, you can assign their tokens to other users.

If users are moved to an identity source in a different physical directory, reassign the tokens to the same users. You also need to reassign any fixed passcodes, on-demand tokencode settings, and administrative roles that users had prior to being moved.

The manual cleanup process removes the association between the users in an LDAP directory and RSA-specific data in the internal database. For instructions, see Clean Up Unresolvable Users Manually.

During a manual cleanup, RSA Authentication Manager generates a list of unresolvable users from linked identity sources. You can preview the users affected by the cleanup before removing all references to the users. By default, all unresolvable users in linked identity sources are cleaned up. A manual cleanup does not clean up user groups.

The manual cleanup process applies only to LDAP directory identity sources that are linked to the system. If an identity source is not linked, no users are unresolvable, and no manual cleanup is necessary.