After updating the IDR portal certificate via My Account > Company Settings, SecurID authentication with the Authenticate App no longer works. When attempting authentication, the Authentication Manager Authentication Activity Monitor shows:
RSA SecurID Access Authenticator Tokencode verification failed for user "<username>" Unexpected return code or unexpected exception occurred.
The new certificate is chained from a different root certificate than the original certificate.
The Authenticate App<->Authentication Manager agent integration (both trusted realm for SecurID Access-only users and the Authenticate App integration for Authentication Manager users) depends on the Authentication Manager trusting the IDR root certificate. Changing the IDR root certificate will break either type of existing IDR<->Authentication Manager trust relationship.