This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

Default token policy change prompts every user to change their PIN in RSA Authentication Manager 8.x

Article Number

000031233

Applies To

RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x

 

Issue

When the default token policy is changed, all users assigned to Security Domain(s) are immediately assigned the new Ttoken policy, forcing users in the Security Domain(s) to change their PIN the next time they authenticate.

If you edit a token policy and check the box to make this policy the default policy, it changes the token policy configured within the Security Domain(s) to this Default Policy.

Procedure to set a default token policy

  1. In the Security Console, navigate to Authentication > Policies > Token Policies > Manage Existing.
  2. From the context menu of the chosen token policy, click Edit.
  3. For Default Policy, select checkbox next to Set as default SecurID token policy, as shown below:
Image descriptionImage description
  1. Click Save.

Resolution

  1. Let's say you have an Initial Token Policy that requires a minimum PIN length of four digits as your Default Token Policy
  2. There is another token policy called Test Token Policy with a minimum PIN length of six digits.
  3. A Security Domain called TestDomain has the Initial Token Policy assigned to it.
 
Image descriptionImage description
  1. The TestDomain security domain has policies configured with SecurID Token Policy "Always Use Default"
Image descriptionImage description
Image descriptionImage description
  1. Later the default policy is changed to Test Token Policy.
  2. Once you save the default token policy change, TestDomain will have a token policy of Test Token Policy, effectively and all users in TestDomain will be challenged to set a new PIN if they have four-digit PIN.  This is functioning as designed.
  3. To avoid any unexpected results from the default policy change, use a custom policy instead of Always Use Default when you add a new Security Domain.

Procedure to assign a custom token policy to a Security Domain 

  1. In the Security Console, click Administration > Security Domains > Add New.
  2. In the Security Domain Name field, enter a unique name. 
  3. From the SecurID Token Policy drop-down list, assign a SecurID token policy to the security domain. 
  4. Click Save.
Image descriptionImage description

Notes

For more information, see "Security Domains and Policies" in the RSA Authentication Manager Administrator's Guide for your version.
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2021-04-23 09:25 AM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.