Jason Oeltjen

Emergency Access for your mobile authenticators

Blog Post created by Jason Oeltjen Employee on May 5, 2017

SecurID Access offers convenient options for authentication like push, biometrics, etc. Many of these are smart phone centric so, depending on how your system is deployed, your users may be required to have their mobile phone to authenticate. Occasionally, a user will forget their phone so we need to have a way to handle these emergency access scenarios. Here are the options in SecurID Access.


1. Do you have an Authentication Manager server attached to the SecurID cloud service? If so, make sure it is upgraded to release 8.2 SP1. As long as you are on that release or greater, your users using the SecurID Authenticate App can get emergency access just like your SecurID token users. Helpdesk admin can give the user a tokencode with a specific time limit (24 hours, for example) to get them through until they get back to their phone. Full details on this is available here Provide an Offline Emergency Access Tokencode.


2. If you don't have the Authentication Manager server connected to the cloud service, policies can be used for these users. Policy exceptions can be made to allow a specific user access with password only. The key here is to make sure that you have a process in place to revisit the policy the next day to reset it to normal after the emergency access period.