Manage PINs for Approve Authentication

Document created by RSA Information Design and Development on Jun 24, 2019
Version 1Show Document
  • View in full screen mode

After you use the Security Console wizard to connect to the cloud, Approve authentication on legacy authentication agents requires the user to enter a username and PIN. See Set User Expectations for Device Registration and Authentication for information on PIN usage during the user's first authentication.

Clearing User PINs for Approve

When a user forgets the PIN they use for Approve authentication, you can clear the PIN so that the user can create a new one. After you clear the PIN, the user can create a new PIN in the Self-Service Console, or the next time the user authenticates. For instructions, see Clear an RSA SecurID PIN and Clear an RSA SecurID PIN in the User Dashboard.

Requiring Users to Change Their PIN for Approve

When you require a user to change a PIN for Approve, the user is prompted to create a new PIN after successfully authenticating with Approve. The user can also change the PIN in the Self-Service Console.

You can require a PIN change only when a user knows the existing PIN. For example, you might require a user to change a PIN if the current PIN has been compromised. If a user has forgotten the PIN, clear the PIN.

For instructions, see Require Users to Change Their RSA SecurID PINs and Use the User Dashboard to Require PIN Changes.

Note:  The RSA SecurID PIN and the Approve PIN are the same for the initial Approve authentication. A user can change the PINs later and have two different PINs.

 

 


Attachments

    Outcomes