Article Number
000027348
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
O/S Version: SUSE
Issue
This articles explains how to:
- Change token policies on a subset of users
- Change policies to users in phases
Tasks
Changing a policy assigned to a Security Domain changes the policy for all users in the Domain. It is not possible to change a policy for a subset of users in a Security Domain. However, it is possible to effectively change a policy on a subset of users by moving those users to a new Security Domain with the changed policy.
If a policy is assigned to more than one Security Domain and you want to change the policy for only one of the Security Domains, duplicate the existing policy. Then make the necessary changes to the duplicate policy, and assign it to the Security Domain you want to change.
Resolution
To alter a token policy, find the policy assigned to the Security Domain you want to alter. Keep in mind that a policy can be assigned to more than one Security Domain, and a change to the policy will affect all Security Domains to which the policy is assigned.
- Open the Security Console and go to Administration > Security Domains > Manage Existing.
- The existing Security Domains are listed and each can be viewed to show the currently assigned policies.
To alter the token policy,
- Go to Authentication > Policies >Token Policies > Manage Existing.
- Edit the policy to which you want to make a change.
- Click Save when done.
- Apply the token policy to a security domain.
If the policy is assigned to several Security Domains and you want to make a change to the policy for only some of the Security Domains,
- Go to Authentication > Policies >Token Policies > Manage Existing.
- Click on the policy and select Duplicate.
- Select the desired options on the duplicate policy and click Save.
- The policy can now be assigned to the Security Domains to which you want to make changes.
Notes
To move a subset of users to a new Security Domain with a different policy,
- Open the Security Console and go to Identity > Users > Manage Existing.
- Search for users, using the filters to select the subset of users you want to move.
- Check the box next to the users you want to move, and use the pull-down at the top of the screen to select Move to Security Domain....
- Click Go.
- On the next screen, select the new Security Domain.
- Click Move.
IMPORTANT: Administrators who are scoped to only have access to the previous Security Domain will not have access to the new Security Domain.