Generate a report of users with more than one token assigned in RSA Authentication Manager 8.x
Originally Published: 2019-05-08
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
Resolution
- Launch an SSH client, such as PuTTY.
- Login to the primary Authentication Manager server as rsaadmin and enter the operating system password.
Note that during Quick Setup another user name may have been selected. Use that user name to login.
- Enter the following command to get the database password:
rsaadmin@am83p:> /opt/rsa/am/utils/rsautil manage-secrets -a get com.rsa.db.dba.password
Please enter OC Administrator username: <enter Operations Console administrator name>
Please enter OC Administrator password: <enter Operations Console administrator password>
com.rsa.db.dba.password: ckg2DBtNZLy80TADWcGqdF0NOJygAQ
Please enter OC Administrator username: <enter Operations Console administrator name>
Please enter OC Administrator password: <enter Operations Console administrator password>
com.rsa.db.dba.password: ckg2DBtNZLy80TADWcGqdF0NOJygAQ
Note that the database password will be different for each installation of Authentication Manager.
- Use the following queries to generate the desired report(s):
- Generate a report with users that have more than 1 token assigned (2 or 3)
rsaadmin@am83p:>/opt/rsa/am/pgsql/bin/psql -h localhost -p 7050 -d db -U rsa_dba -c "COPY ( select PD.loginuid from am_token AM join ims_principal_data PD on AM.principal_id=PD.id group by loginuid having count(*)>1) TO STDOUT WITH CSV HEADER " > /tmp/report_usertoken1.csv
Password for user rsa_dba: <enter the com.rsa.db.dba.password string from above>
- Generate a report for users that have only two tokens assigned:
rsaadmin@am83p:>/opt/rsa/am/pgsql/bin/psql -h localhost -p 7050 -d db -U rsa_dba -c "COPY ( select PD.loginuid from am_token AM join ims_principal_data PD on AM.principal_id=PD.id group by loginuid having count(*)=2) TO STDOUT WITH CSV HEADER " > /tmp/report_usertoken2.csv
- Generate a report for users that have exactly three tokens assigned:
rsaadmin@am83p:> /opt/rsa/am/pgsql/bin/psql -h localhost -p 7050 -d db -U rsa_dba -c "COPY ( select PD.loginuid from am_token AM join ims_principal_data PD on AM.principal_id=PD.id group by loginuid having count(*)=3) TO STDOUT WITH CSV HEADER " > /tmp/report_usertoken3.csv
- The reports are saved in /tmp. You can copy the reports using the WinSCP application to your local PC and view them using Excel.
Related Articles
SailPoint IdentityNow - SecurID Authentication Manager Configuration Number of Views Video Demonstration: Changing the Hostname and IP Address and Generating a Configuration File in Authentication Manager 8.… Number of Views Configure Agent Settings Number of Views Authentication error for a challenged user with RSA Authentication Manager using REST protocol for RSA Authentication Agen… Number of Views Generate the Authentication Manager Configuration File Number of Views
Trending Articles
How to recover the Application and AFX after an unexpected database failure in RSA Identity Governance & Lifecycle Troubleshooting AFX Connector issues in RSA Identity Governance & Lifecycle RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Release Notes for RSA Authentication Manager 8.8 RSA Authentication Manager 8.9 Release Notes (January 2026)
Don't see what you're looking for?
