Delete a (double) identity source in RSA 7.1

Today I stumbled upon a small problem with our RSA Authentication Manager environment. Accidentally, two identity sources had been added for the same LDAP (AD) server. When I tried to delete one of these identity sources, I got an error that it was still linked or that it still had users or groups connected to it.

I really wanted only one identity source, otherwise it could become a big mess in the future. So after some struggling around, it was, as usual, quite easy in the end. To delete the connected users of the unlinked identity source, you log in to the Security Console and go to Setup -> Component Configuration -> General. Here you find the magic checkbox labelled “Force system to delete all users and user groups from internal database that no longer exist in the external identity source”; make sure this one is checked. Below it you can schedule the time it has to run; I set it one minute ahead. After a few minutes, about 5 or 10, I was able to go to the Operations Console and delete the identity source.

Unfortunately, I couldn’t figure out which users were deleted by this action.
Since not many users had been added since this mistake was made, it was easy for me to find the request for authorization, so I added them manually later.


4 thoughts on “Delete an (double) identity source in RSA 7.1”

  1. Hey Rob,

    So a result from this step is that all users linked to the deleted identity source needed to be assigned a token from scratch or were they automatically linked to the other identity source?

    René

  2. When I try to assign a keyfob to a user, I get an error message stating ‘Principal with userid already exists in the realm:userid’.
    I’m sure that only one user account with the user ID exists. It might be a cache problem.
    Will this option (“Force system to delete all users and user groups from internal database that no longer exist in the external identity source”) help me to get rid of this issue?
    Will it delete the existing user accounts in AD?

  3. Mak :

    When I try to assign a keyfob to a user, I get an error message stating ‘Principal with userid already exists in the realm:userid’.
    I’m sure that only one user account with the user ID exists. It might be a cache problem.
    Will this option (“Force system to delete all users and user groups from internal database that no longer exist in the external identity source”) help me to get rid of this issue?
    Will it delete the existing user accounts in AD?

    I’m not an RSA expert, but I cannot imagine that it will delete the account from the AD.
    So if you have a good backup, I would take the chance.
