SecurID® Discussions

JoseLuisMartinM
Occasional Contributor

AM 8.4 Patch 9 and Biometrics

Hi all,

 

We have a deployment with AM 8.4 integrated with the Cloud Authentication service, using Approve and Tokencode methods.

 

We've upgraded to Patch 9 to be able to use Device Biometrics. After patch installation, we've modified the assurance level in Cloud to include Device Biometrics as first option and pushed the changes.

 

We're testing it, and following the documentation, if we put an existing PIN we should be prompted for Biometrics or Approve... but we end up getting an Approve.

Have we missed any step(s) to make this work?

 

Thanks

TedBarbour
Employee

Hi Jose - unfortunately the Patch 9 readme is somewhat incomplete in this regard (rework is in process).  

Assuming biometrics has been added to your assurance level (first choice) and user has previously used the approve method you have a couple of options:

 

  1. If using the RSA SecurID Access Cloud Authentication System (CAS) for any browser-based applications, users have the option of choosing their additional authentication method. Whatever is chosen becomes their default method on any future authentication attempts.
  2. If only using the CAS for RSA SecurID Authentication Manager-protected resources (PIN+approve/biometrics) then you must temporarily delete the approve method from your assurance levels and have the user authenticate to the Authentication Manager-protected resource. This will cause the biometric method to be used and set as user's default method.

The fundamental problem is that the user cannot explicitly choose their additional authentication method in the PIN+ scenario.  Note that new users do not have this problem as the first method in the assurance level configuration will be used as default.  See How Assurance Levels Are Used During Authentication for more information.

 

Hope that helps,

Ted

Tested the second use case as per Ted Barbour's suggestions and it works on my test systems.