000037210 - Authenticating using emergency access tokencodes containing special characters does not work with RSA Authentication Agent 2.0 for Microsoft AD FS

Document created by RSA Customer Support Employee on Feb 27, 2019
Version 1

Article Content

Article Number: 000037210
Applies To:
RSA Product Set:  SecurID
RSA Product/Service Type:  Authentication Agent for AD FS
RSA Version/Condition:  2.0
Issue: Emergency access tokencodes that contain special characters do not work with the RSA Authentication Agent 2.0 for Microsoft AD FS.

The error observed is as follows:
You must enter a passcode

There will be no messages in the real-time authentication activity monitors regarding authentication failure.
Workaround: Editing the token policy in Authentication Manager so that 'Include special characters' is not selected resolves the issue.

To edit the token policy:
  1. Log in to the Security Console.
  2. Navigate to Authentication > Policies > Token Policies > Initial Token Policy (or the relevant token policy).
  3. Click Edit.
  4. At the bottom of the page under Emergency Access Code Format, make sure the following are checked:

       • Include numeric characters
       • Include alphabetic characters

  5. Uncheck the option for Include special characters.
  6. Click Save.
  7. Authentication will work fine with letters, numbers or both.