User DashboardUser Dashboard
The User Dashboard provides a consolidated view of authentication data for a single user, allowing you to identify and troubleshoot issues.
You can view the User Dashboard using:
- Quick Search on the Home page. Quick User Search allows you to search by last name, user alias, or User ID. You can search for users in one identity source or across all identity sources within your scope. For instructions, see Use Quick Search to View the User Dashboard for a User.
- User context menu. For instructions, see View the User Dashboard.
User Dashboard Tasks for Managing RSA Authentication ManagerUser Dashboard Tasks for Managing RSA Authentication Manager
You can use the User Dashboard to perform these tasks for a particular user in Authentication Manager.
Note: Your ability to view or perform tasks in the User Dashboard depends upon your license and administrative permissions. These features apply to hardware tokens and software tokens. Some features are unavailable for Authenticate Tokencode. For more information, see SecurID Authenticate Tokencodes.
Action |
Description |
Reference |
Enable or disable account |
Enable or disable a user from authenticating. |
|
Assign a user alias |
A logon alias allows users to authenticate with their SecurID token using User IDs other than their own. |
|
Unlock |
Locked out users cannot authenticate until they are unlocked. |
|
Change a password |
You can change passwords for users whose accounts are in the internal database. You might perform this task if the security of the old password has been compromised. |
|
Clear security question answers and cached windows password |
You might clear security question answers if the user forgot the answers, or if the security of the answers was compromised in some way. You can avoid a failed logon attempt by clearing the saved copy of the user's Windows password. |
Clear Security Question Answers in the User Dashboard Clear a Cached Copy of Windows Credentials in the User Dashboard |
Add to a user group and view user group memberships |
You can add users from any identity source to one or more user groups in the internal database only. |
Add a User to a User Group in the User Dashboard View User Group Memberships for a User in the User Dashboard |
Manage authentication settings |
You can create exceptions to authentication policies for individual users. These settings also allow you to troubleshoot user authentication issues. |
|
Enable or disable on-demand authentication |
On-demand authentication (ODA) delivers a one-time tokencode to a user’s mobile phone, e-mail account, or both. On-demand tokencodes expire after a specified time period, enhancing their security. |
Enable On-Demand Authentication for a User in the User Dashboard Disable On-Demand Authentication for a User in the User Dashboard |
Clear and set temporary on-demand authentication PIN |
You might clear a user's ODA PIN when the PIN is compromised, forgotten, or when your company policy requires the PIN change. You must always set a temporary PIN when you clear a user's PIN because ODA requires a PIN. The user must change a temporary PIN the first time it is used. |
Clear a User's On-Demand Authentication PIN in the User Dashboard |
Require a password change at next logon |
You can require users to change their passwords if the password is suspected of being compromised. If a user's identity source is the internal database, you can force the user to change the password the next time the user logs on. |
Require a User to Change a Password using the User Dashboard |
Assign hardware a token |
You can assign up to three active tokens per user. The SecurID Authenticate app does not count against this limit. Tokens that are managed in the Cloud Authentication Service do not count towards the three token limit. |
|
Assign and distribute a software token |
You can assign up to three active tokens per user. The SecurID Authenticate app does not count against this limit. Tokens that are managed in the Cloud Authentication Service do not count towards the three token limit. |
Assign and Distribute a Software Token to a User Using File-Based Distribution in the User Dashboard Distribute One Software Token Using Compressed Token Format (CTF) |
Clear a PIN |
Once cleared, the user must enter a tokencode, and then create a new PIN. This feature is not available for Authenticate Tokencodes. |
|
Generate emergency access tokencode |
Generate an emergency access tokencode for a user whose existing token has been permanently lost or destroyed. |
|
Resynchronize tokens |
Resynchronize a token when its tokencode does not match the tokencode generated by Authentication Manager. Mismatched tokencodes cause authentication to fail. This feature is not available for Authenticate Tokencodes. |
|
Replace a token |
Replace a token that has been permanently lost, stolen, damaged or expired. This feature is not available for Authenticate Tokencodes. |
|
Enable or disable tokens |
Only enabled tokens can be used for authentication. Tokens are automatically enabled when first assigned to a user. You might choose to disable a token if a user is out of the office for an extended period of time. Disabling a token does not remove it from the deployment. |
|
Unassign a token |
When you unassign a token, the user can no longer use the token to authenticate and the token is disabled. This feature is not available for Authenticate Tokencodes. |
User Dashboard Tasks for Managing Cloud Authentication Service Users in the Security ConsoleUser Dashboard Tasks for Managing Cloud Authentication Service Users in the Security Console
You can use the User Dashboard to manage users in the Cloud Authentication Service:
- Enable or disable a user: Enable or disable a user's ability to authenticate with the Cloud Authentication Service.
- Synchronize: Obtain user information from an identity source to view the user's most recent status from the Cloud Authentication Service directory server.
User information from the Cloud Authentication Service might not match the user information from Authentication Manager until the user is synchronized.
- Save: Save updates to the user record.
- Delete or Undelete a user: You can mark a disabled user for automatic bulk deletion from the Cloud Authentication Service or undelete a user who is marked for deletion.
- Unlock: You can unlock the SMS Tokencode, Voice Tokencode, and Authenticate Tokencode for a user.
- Change SMS Tokencode or Voice Tokencode phone number: You can change the SMS Tokencode or Voice Tokencode phone number that is used for tokencode delivery.
- Unassign, enable, and disable a SecurID 700 hardware token: You can unassign, enable, and disable a SecurID 700 hardware token that is managed in the Cloud Authentication Service.
- Disable Emergency Tokencode: You can disable Emergency Tokencode for a Cloud Authentication Service user.
- Delete a registered device for a SecurID Authenticate app user: You can delete a Cloud Authentication Service user's registered device for a SecurID Authenticate app user.
- Delete a known browser: You can delete a Cloud Authentication Service user's known browser.
For more information, see Manage Users for the Cloud Authentication Service on RSA Link.
Note: Your administrative role must permit you to manage RSA Cloud Authentication Service users in the Authentication Manager User Dashboard. You must have selected Manage RSA Cloud Authentication Service Users on the General Permissions tab. For more information, see Edit Permissions for an Administrative Role.
User Dashboard Components User Dashboard Components
The User Dashboard contains the following components:
Dashboard Quick SearchDashboard Quick Search
Use the Quick Search field on the User Dashboard to search by last name, user alias, User ID, or token serial number. If you search by token serial number and the token is already assigned, the User Dashboard displays. If the token is not assigned, the SecurID Tokens View page displays.
RSA Authentication Manager User ProfileRSA Authentication Manager User Profile
You can edit, disable, or unlock a user’s account. Disabling a user removes the user's ability to authenticate and suspends the user’s account privileges. You can only disable a user whose identity source is the internal database. You can unlock a user who has violated the lockout policy or self-service troubleshooting policy for the user’s security domain. You can also manage a user’s authentication settings.
The User Profile displays the time and date of the user's Last Authentication. The last authentication can be with an SecurID hardware or software token, or it can represent authentication to the Cloud Authentication Service using methods such as Approve or SecurID Authenticate Tokencode.
RSA Cloud Authentication User ProfileRSA Cloud Authentication User Profile
If you connect Authentication Manager to the Cloud Authentication Service on the Security Console Home page, and select Enable RSA Cloud Authentication, you can manage Cloud Authentication Service user accounts through the Authentication Manager User Dashboard. For more information, see Manage Users for the Cloud Authentication Service on RSA Link.
Assigned SecurID Tokens Assigned SecurID Tokens
You can assign or replace a hardware or software token by searching for a token across all security domains within your scope. After you assign a software token, you are prompted to distribute the token. You can manage all aspects of a user’s hardware or software token status.
The Assigned SecurID Tokens component displays the Last Logon date and time for each token in the list.
If you connect Authentication Manager to the Cloud Authentication Service on the Security Console Home page, and select Enable RSA Cloud Authentication for your users, you can clear a PIN or require PIN changes for SecurID Authenticate Tokencode. If you did not select Enable RSA Cloud Authentication, then PINs are not supported for the Authenticate Tokencode.
The Authenticate app does not affect the license count for users who already have an assigned authenticator in Authentication Manager. The Authenticate app increases the license count by one for users who do not have an assigned authenticator in Authentication Manager.
AuthenticatorsAuthenticators
If you enabled Cloud authentication on the Security Console Home page, then the User Dashboard lists authenticators that are managed in the Cloud Authentication Service. These include:
-
SecurID 700 hardware tokens that are managed in the Cloud Authentication Service
-
DS100
-
Registered FIDO
-
Emergency Tokencode for Cloud Authentication Service users
-
Authenticators that are registered for SecurID Authenticate users. For more information, see Authenticator Registration.
Activated tokens display a "Registered On" date. If activation is pending, the field is empty.
BrowsersBrowsers
If you enabled Cloud authentication on the Security Console Home page, then the User Dashboard lists known browsers that Cloud Authentication Service users have used for authentication.
Recent Authentication Activity on the RSA Authentication Manager Server Recent Authentication Activity on the RSA Authentication Manager Server
You can view a user’s on-premises authentication activity on the RSA Authentication Manager server through the User Dashboard in real time. You can customize the information displayed. A maximum of 50 records can be shown.
The Recent Authentication Activity component lists a user's authentication activity on the Authentication Manager server, such as Approve authentication, Device Biometrics authentication, authentication with hardware and software tokens, and Authenticate Tokencode.
Additionally, you can view:
- Log entries for real-time authentication activity over the past seven days for one user
- Time, result, and description of activity
RSA Cloud Authentication Service User Event MonitorRSA Cloud Authentication Service User Event Monitor
You can view a user’s cloud authentication activity and event monitor messages through the User Dashboard in real time. You can customize the information displayed. A maximum of 100 records can be shown.
Additionally, you can view:
- Log entries for real-time authentication activity over the past seven days for one user
- Time, code, category, and description of activity
For a description of the user events, see User Event Monitor Messages for the Cloud Authentication Service.
User Group MembershipUser Group Membership
You can view a user’s membership to user groups. You can add a user to one or more groups (maximum of 25).
Users in the same user group can access restricted agents. Users can be managed as part of the group. You can also remove users from user groups that are stored in the identity sources. This action does not delete the user's data from the identity source.
Accessible Agents Accessible Agents
You can view up to 50 restricted and unrestricted agents the selected user can access within your administrative scope. For restricted agents, the user can authenticate within the designated access times. You can search these agents by hostname.
On-Demand AuthenticationOn-Demand Authentication
You can view and manage information for that the user such as whether the user is enabled for on-demand authentication (ODA), the tokencode destination, PIN status, and tokencode expiration date.