Version Affected: All
Description:
When attempting to login to SecureAuth IdP, the vast majority of users can login just fine.
However, a subset of Users all fail with Invalid Password, despite typing the correct password.
Cause:
AD Logon Restrictions. This limits users to certain machines.
When SAIdP checks a users password, this counts as a login attempt on the IdP server itself (On Prem) or the Connector machine (Hybrid)
Resolution:
Work with your AD Admin team to add in the SecureAuth Servers to the allowed logon list in AD.
1. Open ADUC
2. Find the User in question and open their properties
3. Click on the Accounts tab and then the "Log on to" box
4. Type in the name of the SecureAuth IdP server / SecureAuth connector server
5. Click Add
6. Repeat for each server
7. Click OK to save the changes.
Special Considerations:
The Users can still be restricted from direct logins to these servers by using a GPO or Local Policy to set "Deny logon locally"
SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
Comments
Please sign in to leave a comment.