This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
JaredPayne
Beginner
Beginner
‎2017-07-17 06:06 PM

Number of Assigned Licenses More Than Number of Assigned Tokens

On our Security console when I go to view license status it says the actual number of Users with Assigned Tokens is 185. However when I go to manage existing assigned tokens and view all assigned it shows only 165. How do I get the licenses to accurately reflect the number of assigned tokens?

Labels (1)
0 Likes
Reply
3 Replies
PiersB
Trusted Contributor Trusted Contributor
Trusted Contributor
‎2017-07-17 06:15 PM

You should check the number of users that have been configured to use static passcodes (under the user context menu "Authentication Settings..."). Users that can authenticate with static passcodes count against the license limit.

0 Likes
Reply
JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor
‎2017-07-17 06:26 PM

Anybody with at least 1 authenticator; hard token, soft token, On-Demand token or Risk Based Auth, RBA, will count towards the 185 you see.  The tricky part is this can include lost of orphaned users in Active Directory or other external Identity Source.

You'll need to run a clean-up job first

Then you may also need to search the internal database to find some dead links to ObjectGUIDs in Active Directory that AM cannot clean up - usually due to some combination of changes such as disabling and moving or changing some user info and moving (which changes the DN)

0 Likes
Reply
JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor
In response to JayGuillette
‎2017-07-17 07:02 PM

If you need to dig deeper, there is a KB called How to get an accurate license count, which is KB 30005, link below, or you could find with a search

LinkAccurateCount.png

https://community.rsa.com/docs/DOC-45944 

This is not exactly easy, but if AD is screwed up, this might be a way to surgically remove people.

A variation on this would be to export all users and tokens, unlink the Identity Source, run clean-up and remove everyone, re-link the Identity Source then re-import all users and tokens back in, which will only be the ones who could be found not the orphans, and they will be found in AD again.

0 Likes
Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.