User is not enrolled for any of the allowed identity confirmation authentication methods error during RSA Authentication Manager Risk Based Authentication

4 years ago

Originally Published: 2020-05-28

Article Number

000046115

Applies To

RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x

Issue

The following error displays while authenticating from a client, such as an F5 BIG IP APM, configured for Risk-Based Authentication.

User is not enrolled for any of the allowed identity confirmation authentication methods

Resolution

This error happens when:

The authentication generated an assurance level below the configured assurance threshold, AND
The user has not configured a secondary challenge (identity confirmation) method for their account.

This error occurs during initial authentication with silent collection disallowed. It can also occur with silent collection allowed, but after the silent collection period has expired and without configuring a secondary challenge method.

If silent collection is not allowed, users must be instructed to configure their secondary challenge methods using the Self-Service Console before their first RBA authentication. If silent collection is allowed, then risk-based enabled clients will prompt a user to set up their identity confirmation method after a high assurance authentication (for example, from a known device). If this has not been done before the silent collection period ends, then the user must use the Self-Service Console to configure their identity confirmation method.

Notes

Identity confirmation methods can be security questions, On-Demand Authentication, or both.

Don't see what you're looking for?

Potential Impact from Salesforce Device Activation Change

Related Articles

Trending Articles