|Applies To||Authentication Manager 7|
Authentication Manager 8
Authentication Manager Express
|Issue||complete an On-Demand authentication|
|Resolution||Using Initial PINs and Temporary/expired PINs|
An administrator can set the user's initial PIN-1. The user can also do this in the Self-Service console if allowed by the Self-Service policies. Users must change their initial/temporary/expired PIN-1 during the first authentication attempt.
RSA recommends that you inform your users of the following behavior to prevent confusion when users are required to:
- Enter a PIN at the passcode prompt
- Enter the next tokencode when they have received only one tokencode
To change an initial/temporary/expired PIN-1:
1. The user attempts to access a protected resource, and the agent prompts the user to enter a User ID and passcode.
2. The user enters the initial/temporary/expired PIN-1.
3. The agent prompts the user to set a new PIN and to confirm the new PIN. The user chooses and enters PIN-2 in both fields.
4. The agent prompts the user to enter a passcode.
5. The user enters PIN-2 (NOT a passcode) into the Passcode field.
   When a user who is enabled for on-demand tokencode service enters a PIN at the passcode prompt, Authentication Manager recognizes that the user is actually making a request for an on-demand tokencode.
6. Authentication Manager sends an on-demand tokencode to the user's designated mobile phone number or e-mail address.
   Note: The delivery time for the tokencode depends on the speed of the mail server or SMS service.
7. The agent prompts the user for Next tokencode.
8. The user enters the tokencode received in step 6.
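The prompt sequence in steps 1-8, as a simplified model added here for illustration; it is not RSA's code or the Authentication Manager API. The class name, prompt labels, 8-digit tokencode, delivery callback, sample PINs, and the handling of a mismatched PIN confirmation are all assumptions.

```python
import hmac
import secrets

class OnDemandSession:
    """Simplified model of the prompt sequence; not RSA's implementation."""

    def __init__(self, pin, must_change, deliver):
        self.pin = pin                  # current PIN-1 (initial/temporary/expired)
        self.must_change = must_change  # True while the PIN must be replaced
        self.deliver = deliver          # callback standing in for SMS/e-mail delivery
        self.tokencode = None
        self.prompt = "PASSCODE"        # step 1

    def submit(self, *fields):
        """Feed the user's input for the current prompt; return the next prompt."""
        if self.prompt == "PASSCODE":
            if not hmac.compare_digest(fields[0], self.pin):
                self.prompt = "DENIED"
            elif self.must_change:
                self.prompt = "NEW_PIN"          # steps 2-3
            else:
                # A PIN at the passcode prompt is treated as a request
                # for an on-demand tokencode (steps 5-6).
                self.tokencode = f"{secrets.randbelow(10**8):08d}"  # assumed length
                self.deliver(self.tokencode)
                self.prompt = "NEXT_TOKENCODE"   # step 7
        elif self.prompt == "NEW_PIN":
            new_pin, confirm = fields
            if new_pin == confirm:
                self.pin, self.must_change = new_pin, False
                self.prompt = "PASSCODE"         # step 4
            # Assumption: a mismatch leaves the user at the new-PIN prompt.
        elif self.prompt == "NEXT_TOKENCODE":
            ok = hmac.compare_digest(fields[0], self.tokencode)
            self.tokencode = None                # single use
            self.prompt = "GRANTED" if ok else "DENIED"
        return self.prompt

def run_pin_change_flow(initial_pin="1234", new_pin="8642"):
    """Walk steps 1-8 with constructed sample PINs; return the prompts seen."""
    outbox = []                                  # stands in for the phone or mailbox
    s = OnDemandSession(initial_pin, True, outbox.append)
    seen = [s.prompt]
    seen.append(s.submit(initial_pin))           # step 2
    seen.append(s.submit(new_pin, new_pin))      # step 3
    seen.append(s.submit(new_pin))               # step 5: PIN-2, not a passcode
    seen.append(s.submit(outbox[-1]))            # step 8
    return seen
```

The model shows why the passcode prompt appears twice: the first entry only triggers the PIN change, and the second entry of the new PIN is what triggers tokencode delivery.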
|Legacy Article ID||a63877|