This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

Set the RSA Authentication Manager internal database password to optional

Article Number

000015716

Applies To

RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x

Issue

This article explains how to set the RSA Authentication Manager internal database password to be optional.

When adding a user to the internal database, the following warning displays:

The indicated field(s) on this page require your attention.

"Password" is required.
"Confirm Password" is required.

It is required  for users in the internal database to have an RSA password.

Cause

The Identity Management System used in RSA Authentication Manager has to support users in different data stores (for example, Microsoft Active Directory and SunOne).  This means that even though Authentication Manager does not require a password, our optional data stores do. 

The RSA password may be used to log in to the Security Console and Self-Service Console by administrators and users respectivel,  also if the API is used then the RSA_Password method may be used for login if the RSA_Password has been set.

Since the existence of this value is dependent on whether the user is stored in the internal database or one of the optional data stores the setting to manage this option is configured in the identity store settings in the Operations Console.

Resolution

Remove the password requirement from the internal database by doing the following:

  1. Log on to the Operations Console and navigate to Deployment Configuration > Identity Sources > Manage Existing.
  2. Click on Internal Database and choose Edit from the list of options.
  3. Select the The user password is optional radio button. 

If you have any administrators logged into the Security Console they will need to log out and back in to see the changes. 

After making the change when you create a new user in the internal database, the password prompts are replaced by a Manage Password checkbox.  If you need the user to have a password just check Enable Password and enter the password as normal.  This feature is present to allow you to be able to use the features listed above where the RSA Password may be used.

Notes

Be careful to plan properly for this type of operation.  Make sure the Security Console and Self-Service Console authentication methods have been configured to allow other credentials and that your users have those credentials. 

You will always need to have at least one super admin with an internal password, since at the point where the Operations Console prompts for a username/password of a user with superadmin privilege that this user must be in the internal database.
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2020-12-12 07:26 PM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.