SecurID® Knowledge Base
Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.
Article Number
000031420
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
Users in a newly attached external identity source show as disabled, and administrators cannot manage or edit the users in RSA Authentication Manager.
Cause
This is a permissions issue for the LDAP service account used to manage the Active Directory on the RSA Authentication Manager from the Operations Console.
Resolution
- From the external identity source (Active Directory in the example below), make sure that the group of users are being managed by the administrator (service account) who has full read permissions on the group:
Image description
Image description- Login to the primary Authentication Manager Operations Console and select Deployment Configuration > Identity Source > Manage Existing.
- Click the context arrow next to the identity source in question and click Edit.
- Click on the Map tab.
- Scroll down to the section labeled Directory Settings.
- Set the User Account Enabled State to Manage in Directory and Internal database. This specifies where Authentication Manager looks for the enabled/disabled state of user accounts.
- Click Save.
- Select the Home tab on the Operations Console and click Flush Cache.
- Choose to flush all cache objects and click Flush.
- Wait for five minutes to ensure all cached objects have been cleared.
- Go back to the Security Console and attempt to enable or manage a user.
In this article
