SecurID® Knowledge Base
Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.
Article Number
000038915
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
The following error displays while authenticating from a client, such as an F5 BIG IP APM, configured for Risk-Based Authentication.
User is not enrolled for any of the allowed identity confirmation authentication methods
Image description
User is not enrolled for any of the allowed identity confirmation authentication methods
Image descriptionResolution
This error happens when:
This error occurs during initial authentication with silent collection disallowed. It can also occur with silent collection allowed, but after the silent collection period has expired and without configuring a secondary challenge method.
If silent collection is not allowed, users must be instructed to configure their secondary challenge methods using the Self-Service Console before their first RBA authentication. If silent collection is allowed, then risk-based enabled clients will prompt a user to set up their identity confirmation method after a high assurance authentication (for example, from a known device). If this has not been done before the silent collection period ends, then the user must use the Self-Service Console to configure their identity confirmation method.
Image description
- The authentication generated an assurance level below the configured assurance threshold, AND
- The user has not configured a secondary challenge (identity confirmation) method for their account.
This error occurs during initial authentication with silent collection disallowed. It can also occur with silent collection allowed, but after the silent collection period has expired and without configuring a secondary challenge method.
If silent collection is not allowed, users must be instructed to configure their secondary challenge methods using the Self-Service Console before their first RBA authentication. If silent collection is allowed, then risk-based enabled clients will prompt a user to set up their identity confirmation method after a high assurance authentication (for example, from a known device). If this has not been done before the silent collection period ends, then the user must use the Self-Service Console to configure their identity confirmation method.
Image descriptionNotes
Identity confirmation methods can be security questions, On-Demand Authentication, or both.
Image description
Image descriptionIn this article
