000012089 - How to setup On Demand Authentication (ODA) in RSA Authentication Manager (AM) 8.X

RSA Authentication Manager 8.X

First, you need an Enterprise License for ODA or RBA, check Security Console License Status
Second, enable ODA for the User under Tokens?in Security console - Identity - Users - Manage Existing. 

Refer to Am 8.1 Admin Guide p.29
Find User and from User Drop-down menu select SecurID Tokens.  Hardware or Software Token Serial numbers are assigned up top, scroll down to On-Demand Authentication (ODA)
and Check the Enable USer for on-demand authentication.
Optionally set an expiration for this ODT
Configure the email address to deliver the token to (or configure SMS text messaging to send to a Cell Phone)
assign them their PIN - let them know their PIN throhg separate means or have them set in Self Service
[Save]
1. The user opens a browser window, VPN client or Windows Login page and accesses the company web portal or protected resource (authentication agent).
2. When prompted, the user enters a User ID and PIN
A one-time TokenCode is sent to the user?s mobile phone (SMS text) or e-mail account.
3. The user enters the TokenCode into the browser/login page.
4. The user gains access to the protected resource
You do not need to enable ODA / ODT on an agent.  Check Implementation Guides for support on Partner platforms with either SecurID or RADIUS protocol.