000028924 - Self-Service Console doesn't display On-Demand Authentication (ODA) link for RSA Authentication Manager 8.x

Document created by RSA Customer Support Employee on Jun 15, 2016Last modified by RSA Customer Support on Jan 8, 2020
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000028924
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
  • There is a link for On-Demand Authentication in the RSA Authentication Manager 7.1 Self-Service Console that says "Get an On-Demand Tokencode" link.  It leads to the page: "Send Me an On-Demand tokencode" that goes to https://<FQDN>:7004/console-selfservice/OnDemandOTTLogin.do?action=nvPreEdit.
  • RSA Authentication Manager 8.x does not have a Get an On-Demand Tokencode link in the Self-Service Console RSA Authentication Manager 7.1 had.
CauseThe feature was removed from RSA Authentication Manager 8.0 and later.
ResolutionThis is functioning as designed in RSA Authentication Manager 8.x in that there is no link to request an On-Demand tokencode in the Self-Service Console.
However, the functionality still exists that the page.

The "Send Me an On-Demand tokencode" page can be accessed by using the direct URL of https://<FQDN>:7004/console-selfservice/OnDemandOTTLogin.do?action=nvPreEdit.
WorkaroundThe On-Demand tokencode request is normally available through an authentication agent or RADIUS client in RSA Authentication Manager 8.x.
With an On-Demand tokencode, the following process occurs on either the Authentication Agent or RADIUS client:
  1. The user accesses a protected resource, and the agent prompts the user for a user ID and passcode.
  2. The user enters his or her user ID and, at the passcode prompt, an On-Demand Authentication (ODA) PIN, not passcode.
  3. When a user who is enabled for the On-Demand tokencode service enters an ODA PIN at the passcode prompt, Authentication Manager recognizes that the user is actually making a request for an On-Demand tokencode.
  4. Authentication Manager sends a tokencode to the user.
  5. The authentication agent prompts the user to enter the tokencode.
  6. The user enters the received On-Demand tokencode. 

This is covered in more detail on pages 231-232 of the RSA Authentication Manager 8.1 Administrator's Guide.