000012089 - How to setup On Demand Authentication (ODA) in RSA Authentication Manager (AM) 8.X

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000012089
Applies ToRSA Authentication Manager 8.0
RSA Authentication Manager 8.1

RSA Authentication Manager 8.X

IssueHow to setup or how to enable or how to configure On Demand Authentication (ODA) in RSA Authentication Manager (AM) 8.X
Looking for Request On Demand TokenCode, ODT from the Self Service Console.
CauseODA changed. in earlier versions you logged into the Self Service Console to request an On Demand TokenCode, ODT.  In AM 8.x, you create your User?s On Demand PIN, and you login with the PIN first, then wait for email with ODT.

First, you need an Enterprise License for ODA or RBA, check Security Console License Status
enable ODA for the User under Tokens?in Security console - Identity - Users - Manage Existing. 

Refer to Am 8.1 Admin Guide p.29
Find User and from User Drop-down menu select SecurID Tokens.  Hardware or Software Token Serial numbers are assigned up top, scroll down to On-Demand Authentication (ODA)
and Check the Enable USer for on-demand authentication.
Optionally set an expiration for this ODT
Configure the email address to deliver the token to (or configure SMS text messaging to send to a Cell Phone)
assign them their PIN - let them know their PIN throhg separate means or have them set in Self Service

1. The user opens a browser window, VPN client or Windows Login page and accesses the company web portal or protected resource (authentication agent).
2. When prompted, the user enters a User ID and PIN
A one-time TokenCode is sent to the user?s mobile phone (SMS text) or e-mail account.
3. The user enters the TokenCode into the browser/login page.
4. The user gains access to the protected resource
You do not need to enable ODA / ODT on an agent.  Check Implementation Guides for support on Partner platforms with either SecurID or RADIUS protocol.

Legacy Article IDa65473