How to enable AveksaAdmin account if it has been disabled from the UI by another user with admin privileges in RSA Governance & Lifecycle
2 years ago
Originally Published: 2024-10-24
Article Number
000072970
Applies To
  • RSA Governance & Lifecycle 8.0
  • SecurID Governance & Lifecycle 7.5.2
Issue

RSA Governance & Lifecycle allows for the option to disable the login capability of the built-in AveksaAdmin account. The AveksaAdmin account login capability can be disabled by another user with System Administrator privileges through the UI > Admin > System > Settings > Edit.  However, this can pose a significant risk if authentication issues arise, leaving all users, including administrators, unable to access the system. The AveksaAdmin account is intended to serve as an emergency access account, allowing for critical access to the system when other authentication methods fail.

 

If the login capability for the AveksaAdmin account is disabled, and the system experiences authentication issues, administrators may be completely locked out of the system. This situation arises in scenarios where customers are unable to log in due to problems with the primary authentication source, and the AveksaAdmin account is their only fallback option.

 

Resolution

If the login capability for the built-in AveksaAdmin account has been disabled in RSA Governance & Lifecycle AND other users (including system administrators) are unable to login to RSA Governance & Lifecycle due to authentication system failure, the AveksaAdmin account can be enabled through direct database update so further troubleshooting or system administration tasks could be carried out.

Follow the steps below to re-enable the AveksaAdmin account through an update to the RSA Governance & Lifecycle database in the above situation where no other system administrators can login and access to the system is required through AveksaAdmin login:

  • Access the RSA Governance & Lifecycle database using a database client tool (e.g., SQLPLUS, SQL Developer) with the necessary permissions (e.g., AVUSER).
  • Execute the below SQL query to enable the login capability for the AveksaAdmin account: 
    UPDATE t_system_settings SET value = 'false' WHERE parameter = 'SuperAdminLoginDisabled';
  • After executing the above query successfully, you can log in using the old AveksaAdmin password.

 

Don't see what you're looking for?