Trusted Network policy attribute does not work correctly with applications configured after disabling Identity Confidence Collection with the RSA SecurID Access Application Portal

4 years ago

Originally Published: 2020-05-06

Article Number

000040693

Applies To

RSA Product Set: SecurID Access
RSA Product/Service Type: Cloud Authentication Service, Identity Router
RSA Version/Condition: Identity Router 12.9.0.0.4

Issue

There are unexpected results when accessing an application configured with the Application Portal that uses an access policy with the Trusted Network conditional policy attribute.

For example, the access policy is configured to allow access to users on a trusted network. Instead, users are denied access or prompted for multifactor authentication (MFA) when trying to access the application from a trusted network.

Cause

This behavior is due to a software defect (NGX-46349) that can occur on identity routers running software version 12.9.0.0.4 if Identity Confidence Collection is disabled on the Cloud Administration Console.

To confirm the setting,

Launch the Cloud Administration Console.
Go to My Account > Company Settings > Company Information > Identity Confidence Collection.

To verify the software version of an identity router,

Launch the Cloud Administration Console.
Go to Platform > Identity Routers.
Click the dropdown arrow next to the identity router's name.
Select Software Version.

Resolution

Defect NGX-46349 will be addressed in a future version of the identity router. Once addressed, Identity Confidence Collection can be disabled without impacting access policies that use the Trusted Network policy attribute.

Workaround

As a workaround, enable Identity Confidence Collection, save the settings, and publish the changes.

Don't see what you're looking for?

Potential Impact from Salesforce Device Activation Change

Related Articles

Trending Articles