Attributes for adding user accounts
To add user accounts to the RSA Authentication Manager server, specify the user ID, last name, security domain, and Identity Source attributes on the RSA Authentication Manager account form.
| Attribute | Description |
|---|---|
| User ID | User ID of the account. The permissible character limit for this attribute is 240. |
| Last Name | Surname of the account holder |
| Security Domain | Security domain name to which the user belongs |
| Identity Source | Directory server name that stores the user account data |
Note: When you add a user from IBM® Security Identity Manager, the
adapter creates a Global Unique Identifier (GUID) for the user on
the RSA Authentication Manager server.
In addition to the required attributes, you can also specify the other optional attributes on the RSA Authentication Manager account form. If you specify group or role attributes, you must reconcile support data before you create the account.
| Attribute | Description |
|---|---|
| First Name | Given name of the account holder |
| Middle Name | Middle name of the account holder |
| Certificate DN | Distinguished name of the subject in a certificate that is issued to the user for authentication |
| Notes | Description of the user account |
| Email address of the account holder | |
| Account Start Date | Date and time at which the account becomes active or available on the RSA Authentication Manager server. If no start date is specified, the account start date is the current date and time. |
| Account Expire Date | Date and time at which the account becomes inactive or unavailable on the RSA Authentication Manager server. If no expire date is specified, the account is active indefinitely from the start date. The account is inactive if the start date is the same or later than the expire date. |
| Force Password Change | Forces the user to change the password at the next logon to the RSA Authentication Manager server. This attribute might be used when a default password that must be changed is assigned, when the user starts to use the RSA Authentication Manager account. |
| User Group | Groups of which the user is a member. Groups help define the RSA Authentication Manager resources that the user can access. Select zero or more groups. |
| Admin Roles | Administrative roles that are assigned to the user. Roles define the privileges for the user and theRSA Authentication Manager resources that the user can access. Select zero or more roles. |
The following attributes can be specified on the Token tabs of the RSA Authentication Manager account form. If you are going to specify token attributes, you must reconcile the support data before you create the account.
| Attribute | Description |
|---|---|
| Assign Token | Identifier for an authentication token to assign to the user. Select an unassigned token or clear the field to unassign an existing token before you reassign it. |
| Security Domain | The security domain to which the token is assigned |
| Token Notes | Description of the token |
| Enable Token | Enables the assigned token to be used for authentication |
| Require PIN during authentication | Requires that the user to enter a PIN when this token is used for authentication |
| Force PIN change on next login | Forces the user to change the PIN the next time the user authenticates with this token |
| Clear Token PIN | Clears the PIN associated with this token. This attribute is ignored for account creation or when its value is false. |
| Replace With Next Available Token | Indicates that the RSA Authentication Manager server must replace this token with the next available token. Do not select this option if Replacement Token is specified. If you do, this attribute will fail and will cause a non-successful return status. |
| Replacement Token | Identifier for the token to replace this token. You must select an unassigned token when specifying a replacement. |
| Token PIN | The PIN for this token. The PIN must adhere to any applicable policies on the RSA Authentication Manager server. |