Article Number
000035223
Applies To
RSA Product Set: SecurID Access
RSA Product/Service Type: Cloud Authentication Service
Issue
RSA Authentication Manager 8.2.1 or higher has been configured to accept tokencodes generated by the RSA SecurID Authenticate app. See
Configure RSA Authentication Manager to Handle Authenticate Tokencodes.
Users that do not have a SecurID software or hardware token fail to authenticate with their SecurID Authenticate app with the Authentication Manager reporting the following authentication error:
Unable to resolve user by login ID and/or alias, or authenticator not assigned to user
Cause
RSA Authentication Manager users who do not have an active RSA SecurID hardware or software token assigned to them must be explicitly enabled to use the RSA SecurID Authenticate app by an Authentication Manager super admin.
Resolution
Users without an existing SecurID token must be enabled to use the RSA SecurID Authenticate App with the manage-securid-authenticate-app-provisioning utility as described in the documentation on how to
Enable the RSA SecurID Authenticate App for Specific Users.
The manage-securid-authenticate-app-provisioning utility can be run on a list of users at any time (before or after users have registered their Authenticate app) and will safely ignore any users that have already been enabled.
Notes
The manage-securid-authenticate-app-provisioning utility processing will generate Authentication Manager administrative log messages such as Create Token, Update Principal and Link Token with Principal. Each enabled user will then have a SecurID token of the form MFA123456789, representing their SecurID Authenticate App.
