Article Number
000038501
Applies To
RSA Product Set: RSA SecurID Access
RSA Product/Service Type: Cloud
Issue
After
enabling additional (step-up) authentication for the Cloud Administration Console, or after changing a setting, such as the
Access Policy for additional authentication or the
Assurance Level that it uses, one or more administrators are unable to log in to the Cloud Administration Console.
The following error shows when attempting to log in to the console after using the
Forgot Password link:
Authentication failed
Cause
The Access Policy that is configured for step-up authentication denies the authentication. Some examples of why this may occur include:
- The user is not in a target population that is configured in the Access Policy that can access the Cloud Administration Console.
- The login attempt matches a Deny Access rule that is configured in the Access Policy. For example, logging in from a country that is denied access, or the user's network is not on the Trusted Network list.
- The login attempt matches an Authenticate rule, but the configured Assurance Level only allows authentication methods that are not available to the administrator's user. For example,
- Approve when the administrator's user does not have a registered RSA Authenticate app device, or
- RSA SecurID when the administrator's user does not have an assigned RSA SecurID token.
Resolution
