OK...here we go. Lets see if I can explain this. I have 3 users with 2 different windows AD logins. Ones a Domain admin the other is not.
I have the SecureID token assigned to the non Domain Admin acct. and I have the DA acct setup as an alias for each of the users. 2 out of the 3 work. And I cant find why the 3rd is not.
All SecureIDs work for the 3 regular accounts as expected.
user1, user2, user3 are part of Identity Group RegularUsers (synced with AD)
user1DA, user2DA, user3DA are part of Identity Group DomainAdminUsers (synced with AD)
All the above 6 users are members of RSA local group AliasDomainAdmins in order to allow adding of aliases
In each user1, user2, user3 I have added the alias user1DA, user2DA and user3DA respectively to their accounts. So now they can login to a Domain Controller with their DA accounts and SecureID associated with their regular accounts.
This works for 2 of the users. The 3rd user gets "Principal Does Not Support One or More Authenticators" . I have had multiple eyes on the configuration. No one sees anything different on how his alias is setup.
Thoughts??
