Any user created in Active Directory can log in to RSA NetWitness UI

Issue

An Active Directory (AD) user who is not a member of any group listed under External Group Mapping can log in to the NetWitness UI.
Even after all the groups under External Group Mapping are removed, AD users are still able to log in to the NetWitness UI.

Resolution

SSH to the NW Admin Server and run the following commands.
[root@NWADMIN ~]# nw-shell

RSA NetWitness Shell. Version: 4.15.4
See "help" to list available commands, "help connect" to get started.

offline » login
user: deploy_admin
password: **********
deploy_admin@offline » connect --service security-server
INFO: Connected to security-server (03879097-86c0-4e09-8266-f5f8b56f83f8)
deploy_admin@security-server:Folder:/rsa » cd security/authentication/policy/must-have-a-role
deploy_admin@security-server:Configuration:/rsa/security/authentication/policy/must-have-a-role » get
false
deploy_admin@security-server:Configuration:/rsa/security/authentication/policy/must-have-a-role » set true
deploy_admin@security-server:Configuration:/rsa/security/authentication/policy/must-have-a-role » exit

Once the above steps are done, only users who belong to a group under External Group Mapping should be allowed to log in to the NetWitness UI.

Product Details

RSA Product Set: RSA NetWitness Platform
RSA Product/Service Type: NW Admin Server
RSA Version/Condition: 11.x

Approval Reviewer Queue

RSA NetWitness Suite Approval Queue