The Access Challenge Rule configuration in the RADIUS Authenticator plugin defines, how replies from the RSA SecurID RADIUS server are mapped to IAM authentication result types.
In this configuration example, we describe the set of rules for a standard PIN change required use case.