Recent Authentication Activity
token authentication is happening fine and for some authentications ,in the activity details i can see the node IP of replica.
does it mean replica performed the token authentication for that transaction?
because as per documents i read that replica is read only instance.
- Auth Manager
- Authentication Manager
- Community Thread
- Forum Thread
- recent authentication activity
- RSA Authentication Manager
- RSA SecurID
- RSA SecurID Access
Yes, that is correct. Replica can do administrative activities if it has been promoted to a primary under the condition if the original primary is unavailable or offline.
Replica is considered read-only for administrative work (adding tokens or managing users) but as it sits there it will authenticate traffic that hits it, the same as a primary. It is read-only in the sense that all changes you make occur on the primary, and the primary copies those changes to the replica database so all systems have identical users and tokens.
The replica will log activity it processes, and send the logs to the primary where you can run reports on the events. If you set a replica to send logs to syslog, then the replica will directly send those events to your SIEM tool, as well as send the RSA logs to the primary for the reporting.