Trusted Network policy attribute does not work correctly with applications configured after disabling Identity Confidence Collection with the RSA SecurID Access Application Portal
4 years ago
Originally Published: 2020-05-06
Article Number
000040693
Applies To
RSA Product Set: SecurID Access
RSA Product/Service Type: Cloud Authentication Service, Identity Router
RSA Version/Condition: Identity Router 12.9.0.0.4
Issue
There are unexpected results when accessing an application configured with the Application Portal that uses an access policy with the Trusted Network conditional policy attribute.

For example, the access policy is configured to allow access to users on a trusted network. Instead, users are denied access or prompted for multifactor authentication (MFA) when trying to access the application from a trusted network.
Cause
This behavior is due to a software defect (NGX-46349) that can occur on identity routers running software version 12.9.0.0.4 if Identity Confidence Collection is disabled on the Cloud Administration Console.

To confirm the setting,
  1. Launch the Cloud Administration Console.
  2. Go to My Account > Company Settings > Company Information > Identity Confidence Collection.

To verify the software version of an identity router,
  1. Launch the Cloud Administration Console.
  2. Go to Platform > Identity Routers.
  3. Click the dropdown arrow next to the identity router's name.
  4. Select Software Version.
Resolution
Defect NGX-46349 will be addressed in a future version of the identity router. Once addressed, Identity Confidence Collection can be disabled without impacting access policies that use the Trusted Network policy attribute.
Workaround
As a workaround, enable Identity Confidence Collection, save the settings, and publish the changes.
Don't see what you're looking for?