Users that do not have a SecurID software or hardware token fail to authenticate with their SecurID Authenticate app with the Authentication Manager reporting the following authentication error:
Unable to resolve user by login ID and/or alias, or authenticator not assigned to user
RSA Authentication Manager users who do not have an active RSA SecurID hardware or software token assigned to them must be explicitly enabled to use the RSA SecurID Authenticate app by an Authentication Manager super admin.
The manage-securid-authenticate-app-provisioning utility can be run on a list of users at any time (before or after users have registered their Authenticate app) and will safely ignore any users that have already been enabled.
The manage-securid-authenticate-app-provisioning utility processing will generate Authentication Manager administrative log messages such as Create Token, Update Principal and Link Token with Principal. Each enabled user will then have a SecurID token of the form MFA123456789, representing their SecurID Authenticate App.