We have a user who swears he never registered his iPhone, yet is not being challenged as he would've expected.
Is there a SQL query (Oracle) or other method for getting an inventory of all registered devices for a given user in our AAOP database? We would obviously need to see at least a user agent or other identifying information to verify whether or not his iPhone was among the registered devices for his account...can you help?
Thanks and Regards--Ross Fortini, Aon
If your application is configured to work on both Risk Based and Device Based, there is no guarantee that the user should be challenged if the device is not bound. At the same time it depends on how the rules are configured.
But if you would like to get to know the current bindings and the corresponding device information for the user, merge the Users, Bindings and Desktops tables. Sample is below.
select u.username, b.pmid, b.cr_date, b.last_used, d.browser, d.ip_address, d.created, d.created_by, d.fingerprint from RSA_CORE.users u join RSA_CORE.bindings b on u.id=b.userid join RSA_CORE.desktops d on d.pmid=b.pmid where u.username='Your_Username_Here'