When users try to self register a soft token, they receive this error message:
"You do not have sufficient permissions to request a software token. Please contact your system administrator."
Before attempting this resolution, please first verify that all necessary Defender Management Portal configuration is complete and that group membership is configured correctly.
Add the Authenticated Users back to the Pre-Windows 2000 Compatible Access group. (If this was removed for security reasons, then move on to the next solution.)
The Authenticated Users group needs at minimum the following access on user accounts:
- Allow - Read Account Restrictions
- Allow - Read Group Membership
These are User properties and access cannot be granted via Group Membership. They can be added manually to each user account or by OU inherited permissions.