After you use the Security Console wizard to connect Authentication Manager to the Cloud Authentication Service, on-demand authentication (ODA) users can have the same PIN for authenticating with ODA, Approve, and Device Biometrics. When these ODA users enter their PINs, they are issued one-time tokencodes because ODA has priority over other types of authentication.
RSA Authentication Manager 8.4 Patch 7 or later allows you to prioritize Approve authentication for these ODA users, and Patch 9 extends this functionality to Device Biometrics authentication. When ODA users enter their PINs, they are prompted for Approve or Device Biometrics authentication.
Before you begin
Obtain the rsaadmin operating system password.
Log on to the appliance using an SSH client.
When prompted for the user name and password, enter the operating system User ID, rsaadmin, and the operating system account password.
To add the parameter that lets you specify whether ODA has priority over other types of authentication, enter:
./rsautil store -o admin -a add_config auth_manager.cas.authentication.runtime.precedence.enabled false GLOBAL 500
To prioritize Approve or Device Biometrics authentication for ODA users, enter:
./rsautil store -o admin -a add_config auth_manager.cas.authentication.runtime.precedence.enabled true GLOBAL 500
Restart the services on the primary instance. If there are replica instances, restart the services after replication is complete.