000019641 - RSA SecurID end users setting their own PIN or next tokencode on a VPN connection

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000019641
Applies ToRSA ACE/Agent for Web
How to re-sync a token when using a Single Transaction Comm Server
Using public web site to run RSA ACE/Agent for Web to re-sync token
IssueRSA SecurID end users setting their own PIN or next tokencode on a VPN connection
Many third-party VPN solutions offered as managed services allow Strong authentication using 2-factor SecurID tokens. Some of these solutions do not provide the ability for users to change their PIN or allow the ability for "self-help" where they have had too many invalid authentication (or an infrequently used token has had a clock drift).
CauseThe method of authentications used in the third-party solution does not have any built-in ability to allow the user to change their logon password. This same facility is what gets used with an RSA SecurID token to allow the user to set their PIN (or next tokencode). This means that in a default system, the end user would need to ring up an administrator to resolve their problem, which is unfortunate since the ability for a user to resolve their own problem (and significantly reduce administration costs) is normally considered as a valued selling feature.
ResolutionMost companies have their own web sites these days, even if they are managed off-site. With a very simple change to procedures, end users may make use of this web site to resolve most problems they may experience with their tokens.

Configure RSA ACE/Agent for Web on the web site; this may protect a single page containing the message:

    Your Token is now configured for use with your company VPN connection.

Then, end users who experience problems with their token simple access this page on the Internet and RSA ACE/Agent for Web will prompt the user through a series of web pages to authenticate, set their PIN, or enter their next tokencode.

After successful authentication on this web page, they will be all set to go back to using their VPN connection and entering their full PASSCODE when prompted - safe in the knowledge that the authentication should now be successful.
Legacy Article IDa10974