Troubleshooting Cloud Authentication Service User IssuesTroubleshooting Cloud Authentication Service User Issues
The following table contains information that help desk administrators can use to troubleshoot Cloud Authentication Service user issues.
SecurID App Installation SecurID App Installation
Issue | Resolution |
---|---|
A user cannot open or install the SecurID app. |
Confirm the following:
|
Authenticator RegistrationAuthenticator Registration
Issue | Resolution |
---|---|
|
Investigate these areas:
|
A user believes that registration is complete. However, SecurID instructs the user to install the SecurID app. |
In the Cloud Administration Console , click Users > Management, navigate to the user's Authenticators page, and confirm that the authenticator is listed. If the authenticator does not appear, instruct the user to complete registration again. |
A user is concerned about the SecurID for Android app requesting multiple permissions during registration. |
The SecurID app requests the minimum number of permissions required for the application to function. For more information, see the privacy policy at https://www.rsa.com/en-us/company/privacy. |
An iOS or Android user sees the following error message in the SecurID app: Untrusted Connection. |
If your company uses Secure Sockets Layer (SSL) interception, users will see this message during registration. Instruct users to complete registration using a Wi-Fi network that does not use SSL interception, such as a cellular data or a home Wi-Fi network. They can use corporate Wi-Fi after registration is complete. If users see this message after registration is complete, consult your company's IT team to resolve the issue. |
A user is prompted to complete registration, although the user has already completed registration. |
The user might see this message if you have deleted the user's authenticator in the Cloud Administration Console . Instruct the user to complete registration again. |
A user completes registration on one authenticator and then gets a new authenticator. The user needs to complete registration on the new authenticator. |
Instruct the user to delete the old authenticator in My Page, and then complete registration on the new device. Or you can delete the user's current authenticator before the user completes registration on the new authenticator. For instructions, see Manage Users for the Cloud Authentication Service . |
A user receives the following error message when registering a device: Unsuccessful SecurID Setup. You have another device registered with SecurID. Contact your administrator. |
The user either already has a registered device or performed a factory reset on an existing registered device and tried to re-register. An Android 8.0 (Android O) user who re-installs the SecurID app on the same device also sees this message. Instruct the user to delete the device in My Page. Or in the Cloud Administration Console , delete the user's current device. For instructions, see Manage Users for the Cloud Authentication Service . Instruct the user to complete registration again. Review the SecurID app logs for this event. |
An Android user receives one of the following unsuccessful setup messages and cannot complete registration or add another account:
|
|
ApplicationsApplications
Issue | Resolution |
---|---|
A user cannot sign into the application portal. |
In the Cloud Administration Console , click Users > Event Monitor. The user event monitor shows the following reasons for unsuccessful application portal sign-in:
Also, check that the user is included in the scope of the identity source that was added to SecurID. Identity sources are configured in the Cloud Administration Console and enable users to access protected applications in the application portal. |
A user expects to have access to an application but cannot see the application. |
Sign into the
Cloud Administration Console.
|
A user receives HTTP error 500 when trying to access an application that has been added to SecurID using either the HTTP Federation (HFED) Proxy or trusted headers methods. | Confirm that the application web server has a valid SSL certificate that has been signed by a certificate authority (CA) that the identity routers trust. For more information, see Cloud Authentication Service Certificates. |
Authentication MethodsAuthentication Methods
Issue | Resolution |
---|---|
Authentication is unsuccessful. |
Investigate these areas:
|
A user sees the following error message in the browser when trying to authenticate: Cannot Contact Your Mobile Device. |
When SecurID detects an unexpected error while trying to contact a user's mobile device, this error appears. Instruct the user to try again in a few minutes, or to select a different authentication method. (If the application is assigned an assurance level that does not have optional methods, then authentication fails.) |
A FIDO authenticator user sees the following error message in the browser when trying to register or authenticate: An Error Occurred. | This message might appear if the Cloud Authentication Service detects the authenticator as counterfeit or compromised. |
A user wants a simple way to copy the SecurID Authenticate Tokencode into a mobile browser. |
The user can tap the tokencode to copy it. |
A user taps Approve in the SecurID app but is not authenticated to the application. |
|
A user cancels the Sending Sign-in Request screen in the browser, selects Approve, and then sees the tokencode screen in the in browser. |
Instruct the user to do the following:
|
A user expresses concern about SecurID storing face prints in the Cloud Authentication Service. |
The Cloud Authentication Service does not store fingerprints or faceprints. |
A user cannot reset the PIN used to view the SecurID Authenticate Tokencode. |
|
A Windows user cannot create a Hello PIN when the app prompts the user to do so. |
Windows Hello must be enabled to use Biometrics as a Windows authentication option. To confirm that Windows Hello is enabled, work with your IT group. |
A Windows user is not receiving notifications for the Approve or Biometrics options. |
If you want the user to receive notifications, ensure that the user's PC can contact the Windows Notification Service. For more information, see Cloud Authentication Service User System Requirements. If notifications cannot be enabled, instruct the user to open the app and pull down on the home screen to retrieve notifications. |
GeneralGeneral
Issue | Resolution |
---|---|
A user needs to back up and restore a mobile device. |
On iOS devices, the SecurID app data is included in a system backup. On Android devices, the SecurID app is not included in a system backup. If a user needs to restore a device from a system backup, instruct the user to complete the following steps to use the SecurID app on the restored device.
|
A user is not receiving push notifications. |
Investigate these areas:
|
An iOS user does not use Alert Notification Services (APNS) but needs to use the SecurID app. |
An iOS user can disable both ANS and SecurID app push notifications. For mobile authentication methods, the user must pull down on the app home screen to retrieve push notifications. |
An Android user does not want the SecurID app to use push notifications. |
A user cannot disable Firebase Cloud Messaging (FCM) notifications, but the user can disable SecurID app notifications. |
A user forgets the device that has SecurID app installed on it, and wants to access an application protected by SecurID. |
If the application is assigned an assurance level that can be satisfied with a non-mobile authentication method such as SecurID Token or FIDO, and if the user possesses one of those tokens, then the user can complete authentication. |
A user lost the device that has the SecurID app installed on it. |
In the Cloud Administration Console , delete the user's device. Another user in possession of the lost device might be able to authenticate to a protected application if that user knows the device owner's LDAP directory password. |
A user mistakenly uninstalled the SecurID app. |
Instruct the user to install the app and complete registration again. Provide the user with the necessary information. |
A user performed a factory reset on a device and the SecurID app was deleted. |
Instruct the user to delete the device in My Page, or in the Cloud Administration Console , delete the user's device. Instruct the user to install the app and complete registration again. |
An Android user is connected to the internet but continues to see the following error message: Check your internet connection. |
This error appears when the user is signed into a secure Wi-Fi network but has not yet entered the password. Instruct the user to enter the network password and then continue. Review the SecurID app logs for this event. |
A user is prompted to accept the EULA or enter a User ID or Email Address and Company ID again after registration. |
This can occur for the following reasons:
|
More than one user wants to use the same device and same app. |
SecurID supports only one device registered with the SecurID app per user. A user cannot sign out of the app so that another user can sign into the app. On a Windows 10 desktop, multiple users can use the same machine as long as each user has a unique account and has completed registration with the SecurID app on that account. |
A user experiences an issue with the app and needs troubleshooting help. |
Review the app logs. Ask the user to send you the logs using these instructions.
You can also use the Cloud Administration Console Event Monitor to troubleshoot user issues. Click Users > Event Monitor. |
A user expresses concern about the app requesting permission to collect usage data using Google Analytics. |
The SecurID app requests user permission to collect anonymous usage data to improve the app. A user allows or denys this request during the initial opening of the app. A user can also change this setting in the following locations:
The user's selection for this setting does not impact the functionality of the app. |
A user sees the "Device Not Compliant" message. |
The SecurID app has detected the device as jailbroken or rooted. Instruct the user to restore the device. If the user reports that the device is not jailbroken or rooted, instruct the user to email you the logs for the device using the link in the message. Then provide these logs to SecurID Customer Support. |