Unlock All Tokencodes for a User

Document created by RSA Information Design and Development on Jul 14, 2016Last modified by RSA Information Design and Development on Jun 21, 2019
Version 38Show Document
  • View in full screen mode

You must unlock the RSA SecurID Authenticate Tokencode, SMS Tokencode, and Voice Tokencode after they have been locked for a user. Unlocking these methods makes them available for authentication. Lockout settings are configured at My Account > Company Settings > Sessions & Authentication. Retries for each method are counted separately and each method is locked separately, but all methods are unlocked simultaneously. The lockout counter for each method is cleared after either of the following events occur:

  • The user successfully authenticates. For example, if four retries are allowed and the user fails twice and succeeds on the third attempt, the counter is set to 0 because the lockout maximum was not reached.
  • You manually unlock the methods on the Users > Management page.

Note:  Only the user's authentication method is locked. The user's Cloud Authentication Service account is not locked or inactivated.

Before you begin 

Super Admins and Help Desk Administrators can perform this task. If the user cannot be found, the Super Admin must synchronize the identity sources to update the Cloud Authentication Service.


  1. In the Cloud Administration Console, click Users > Management.
  2. In the Search field, enter the user's User ID, which is also the user's email address. Select the user from the list.
  3. On the user's detail page, click Unlock Tokencodes.

    A success message appears after the methods are unlocked.



You are here
Table of Contents > Authentication Methods > Unlock All Tokencodes for a User