This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
RajaS
New Contributor
New Contributor
‎2019-03-08 03:24 AM

How to provide On-Demand Pin for a selective 10- 50 users

How to provide On-Demand Pin for a selective 10- 50 users, as we can see the Enable users give all the users in Alphabetical order and there is no criteria to search for particular few users to provide ODA.

Labels (1)
Labels
0 Likes
Reply
11 Replies
EdwardDavis
Employee
Employee
‎2019-03-08 08:11 AM

You can use Authentication Manager Bulk Admin EODA on command line, and input a .csv file with userid's and pins:

 

Enable OnDemand Authentication
This command enables an OnDemand Authenticator for a principal. A PIN may be
assigned or system generated. Some field names are duplicates of field names used for
token management but may have slightly different usage. Consult this guide and the
RSA Authentication Manager Help for the correct definition of ODA command fields.
Results are written to the AMBA results file. Use the CRFN command to change the
results file path and name.

Action EODA
Required Fields DefLogin, PINIndicator, SetPin*


Optional Fields IdentitySource, SecurityDomain, InstanceName, PinMode*,
ExpiryDate, DeliveryMethod, DestinationAddress*,
TemplateFile, OutputOption
* These fields are ignored when PINIndicator is set to GENERATE_PIN.

Reply
RajaS
New Contributor
New Contributor
‎2019-03-11 11:11 AM

Hi Edward,

 

Thanks for your reply,  can you please provide any steps or a screenshot where I can find the  Authentication Manager Bulk Admin and to enter the EODA in the Command Line. Any steps or a document that you can share it to me would be great full to learn the procedure to provide ODA in bulk.

0 Likes
Reply
DavidAllison
Respected Contributor Respected Contributor
Respected Contributor
‎2019-03-14 02:54 PM

AMBA is included with AM 8.2 and later, but it does require an enterprise license.  Full documentation of AMBA functions and features, command line syntax, and sample AMBA scripts is available here (part of the standard RSA documentation set for Authentication Manager):   https://community.rsa.com/docs/DOC-97710 

Reply
PiersB
Trusted Contributor Trusted Contributor
Trusted Contributor
‎2019-03-15 08:39 AM

Are you using Security Domains to scope administrative data?

 

You could move the users to a sub-Security Domain and use the Security Domain filter to just select the users that are trying On-Demand. AM allows the administrator to create a Security Domain hierarchy.

pastedImage_2.png

There are currently four user attributes that can be used to filter search results. I would be interested to hear which other attributes would be useful.

 

Of course, I would also recommend you take a look at the RSA SecurID Access Cloud Authentication Service. This provides a policy-driven, multi-factor, cloud-based authentication service (including SMS OTP) and integrates with your on-premises RSA SecurID Authentication Manager.

Reply
RajaS
New Contributor
New Contributor
In response to PiersB
‎2019-06-11 03:30 AM

Hi Piers,

 

Thanks for your valuable comments, the console can be searched the users one by one and only can be moved to  a sub omain, that actually a time consuming than providing OD-Pin individually.

0 Likes
Reply
RajaS
New Contributor
New Contributor
In response to PiersB
‎2019-06-11 03:48 AM

Hi Piers,

 

Can you help me in solving a error message issue which appears while replacing a soft token on the existing hard token in RSA Self Service Portal when clicked replace token button.

 

Error message as "Error message From Server Details-> Original token already have an replacement  soft token"

 

We tried in different browser and cleared cookies worked for few users but i hope that's not the solution, few users still remain the same error message.

 

Can you please advise in solving the permanent issue.

0 Likes
Reply
_EricaChalfin
Employee (Retired) Employee (Retired)
Employee (Retired)
In response to RajaS
‎2019-06-11 01:28 PM

Raja S‌,

 

I came across a thread from April (https://community.rsa.com/message/932057) where another customer reported a similar error of original token XXXXXXXXXX already has a replacement token.

 

The TSE's response was that the customer needs to open a case with RSA Customer Support, and "specifically ask for the remedy in AM-29999. It will be some SQL deletes, but we need to mine your database for the possibility of more offending tokens you have not run into yet."

 

Regards,

Erica

0 Likes
Reply
JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor
In response to RajaS
‎2019-06-11 02:10 PM

Raja,

Do you know if you use AMIS or AM Prime with Authentication Manager?

If a token had been assigned a replacement token, you should be able to see that replacement token in the Security Console, but as Erica pointed out, there was another forum question on (and a related Support case) about this particular problem, and we had to look in the internal postgres database to see the 'partially' assigned replacement token serial number.  This should not have happened, the suspicion is some integrity check was lacking through either a custom admin API application or in an older version of AMIS, the Authentication Manager Integration Service that RSA Professional Services wrote to extend the capabilities of Authentication Manager.

0 Likes
Reply
RajaS
New Contributor
New Contributor
In response to _EricaChalfin
‎2019-06-19 04:05 AM

Hi Erica,

 

Thanks for your prompt reply.

 

We have also checked if there's any token replacement request already in place while replacing a soft token but none were in RSA Console.

 

Temporarily we had to reset the user profile and tried with a replacement so it worked, but that was not advisable just for assigning a token reset won't work for other user facing same issue.

0 Likes
Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.