Allow Alias to use the Token of his other AD Disabled Account

Question asked by Tuemay Oezden on Mar 20, 2020
We get our RSA User data from the AD.

The User usually has 1 - 3 Accounts in this DMZ with different privileges. 

A good number of those Users have 2 Accounts for different services. What happens now is that users sometimes forget or don't use their second account after a few months, causing it to get deactivated. If this disabled user has a Token assigned, the user is not able to log in with his other account anymore via the alias feature.


Is there any way to circumvent the problem without requiring admin input? The fact that a disabled user has a token is of no matter to us. We just want his other Account to be able to use that token to log in. Since the token has to be assigned to one of the accounts, this problem is bound to (and already does) happen in our system.

I do understand why it happens (account A is basically pretending to be Account B), but a solution to this problem would be great.


