SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
Cwc2
New Contributor

SecurID phone app - locked account notification

Is there a way to notify a user their account status is locked via the SecurID app? SecurID is the second highest volume of service desk calls we get and it’s because the user doesn’t realize they are entering a bad PIN in the app.

4 Replies
HassanMehsen
Respected Contributor

As far as I know, this feature is the most needed feature and it's not available with AM or the Cloud Authentication Service. The best approach is to push the syslogs to your SIEM or syslog server, which in turn can notify if any user gets locked.

JCLaurent
Occasional Contributor

Cwc2, based on what you describe, you're using AM-based credentials, not CAS credentials, correct?

There's no communication channel between our software authenticator and AM (AM doesn't know which authenticator device is used by which user), so AM can't then notify the user of a particular device about an event like the account being locked.

There's also no way for the authenticator app to inform the user he is entering an incorrect PIN, as the PIN itself is not known by the authenticator; it is only known by the user and by the Authentication Manager.
Cwc2
New Contributor

So how do users get self service support with RSA vs having to call into a Service Desk? It seems the solution is adding a single threaded support process for users that are leveraging an MFA methodology.
JustinMitchell
Occasional Contributor

We don't want to disclose the exact reason for authentication failure as this can be beneficial to a threat actor. That said, our on-prem Authentication Manager and Cloud Authentication Service support account/authenticator auto-unlock which may be helpful in his case. The idea behind auto-unlock is to discourage a threat actor from continuing to attempt to exploit said user/account, but not lock out the actual user. Typically, we see auto-unlock configured to 15-30 minutes and some instruction to users to try again in 15-30 if you are unable to authenticate.

Authentication Manager Lockout Policy:

[Image: JustinMitchell_1-1678550406431.png]

Cloud Authentication Service Authenticator Settings:

[Image: JustinMitchell_2-1678550438941.png]

Lastly, we do offer a secure single pane of glass self-service platform called SecurID Access Prime, which bolts onto Authentication Manager and the Cloud Authentication Service (hybrid deployment). SecurID Access Prime self-service, upon successful strong authentication (2FA/MFA), is able to automatically unlock a user's RSA and/or directory account in real-time. Prime also streamlines many other areas of user/authenticator lifecycle management. 

[Image: JustinMitchell_5-1678550861143.png]