Hello,
We get our RSA User data from the AD.
The User usually has 1 - 3 Accounts in this DMZ with different privileges.
A good amount of those Users have 2 Accounts for different services. What happens now is that users sometimes forget or don't use their second account after a few months causing it to get deactivated. If this disabled user has a Token assigned, the user is not able to log in with his other account anymore via the alias feature.
Is there any way to circumvent the problem without requiring admin input? The fact that a disabled user has a token is of no matter to us. We just want his other Account to be able to use that token to login. Since the token has to be assigned to one of the accounts, this problem is bound to ( and already does) happen in our system.
I do understand why it happens ( account A is basically pretending to be Account B) but a solution to this problem would be great.
Thanks for the help.
You should open a case so this can be discussed privately, with your specific details and needs, as any discussion about possibly reducing security on a public forum such as this one greatly increases your risks. Security is sometimes inconvenient but these controls are in place to reduce attack vectors.