After you use the Security Console wizard to connect to the cloud, Approve authentication on legacy authentication agents requires the user to enter a username and PIN.
See Approve (Push Notifications) on RSA Link for information on PIN usage during the user's first authentication.
Clearing User PINs for Approve
When a user forgets the PIN they use for Approve authentication, you can clear the PIN so that the user can create a new one. After you clear the PIN, the user can create a new PIN in the Self-Service Console, or the next time the user authenticates.
Requiring Users to Change Their PIN for Approve
When you require a user to change a PIN for Approve, the user is prompted to create a new PIN after successfully authenticating with Approve. The user can also change the PIN in the Self-Service Console
You can require a PIN change only when a user knows the existing PIN. For example, you might require a user to change a PIN if the current PIN has been compromised. If a user has forgotten the PIN, clear the PIN.
Note: The RSA SecurID PIN and the Approve PIN are the same for the initial Approve authentication. A user can change the PINs later and have two different PINs.
We want your feedback! Tell us what you think of this page.