SecurID^® Discussions

championc · ‎2023-01-12

You had some information in your screen shots that would be considered Personally Identifiable Information (PII) that we recommend not making visible in a public forum such as this. I have removed your screen shots and redacted some information. Here are some tips for posting questions to the RSA SecurID Community

Erica

* * *

Hi all

I have an issue with a user's account. It seems that someone may have changed the AD username and changed it back to what it was, but the damage is done. I'm now just trying to delete the user from RSA to allow them to be setup again

The user is <user_name>.

I found her token in the database but it is assigned to an <UNKNOWN> user.

I have tried doing the LDAP Query within Deployment Configuration > Identity Sources > Manage Exiting > OurDomain > MAP with the Query (&(objectClass=User)(objectcategory=person)(!(samAccountName=<user_name>))), but when I did the Setup -> Identity Sources -> Clean Up, I got nothing.

I've tried deleting to user but no joy. What can I do please ?

EricaChalfin · ‎2023-01-12

@championc,

I have moved your question to the SecurID discussion forum where it will be seen by our engineers and other Authentication Manager users.

Some questions:

When you ran the cleanup, was the checked option about the grace period checked or no?
Have you tried the steps outlined in this article on being unable to unassign RSA SecurID token or assign token to another user in RSA Authentication Manager Security Console?

Best regards,
Erica

FrankMiller · ‎2023-01-12

The first thing you need to do is search across all identity source. In you screenshot you will see a a link below the Search button.

put your end user's user ID in the fourth line and see if there are any other instances for that user ID.

Second thing to look for in Setup -> Identity Sources ->Link and see if you have any unlinked identity sources. If you do. Link them back then try doing the cleanup

championc · ‎2023-01-16

What appears are the two accounts I expected - so for the use I am trying to fix, only once is she listed, and in the expected domain too

championc · ‎2023-01-16

@Erica, that links will not allow me to logon to see it

EricaChalfin · ‎2023-01-17

@championc,

What error do you see when you try to access the article? Are you logged on to the RSA community portal when you try to open it?

Best regards,
Erica

championc · ‎2023-01-19

After loggin in here to access this portal, when I click on the link, I get brought into another logon for which, when I re-enter my creds, I get an "Unsuccessful logon." error

championc · ‎2023-01-20

BUMP 🙂

championc · ‎2023-01-20

Just a further update, when I go into Assigned Tokens, and sort alphabetically, I can see the token for the user with "<Unknown>" in the Assigned To field, in exactly the line where the user should be if their name was still there and working

FrankMiller · ‎2023-01-20

When you see <Unknown> like that. That is a user that is no longer resolvable. if you go to the CLI /opt/rsa/am/rsapgdata/log/ you will see the postgres (db) logs. open todays log. This log file will give you an indication of who the token is assigned to.

SecurID® Discussions

rsa Cannot add or manage a user with user ID com.rsa.common.InvalidArgumentException: Duplicate user ID. - Help needed

SecurID^® Discussions