Assign a Set of One-Time Tokencode for Online Emergency Access

Document created by RSA Information Design and Development Employee on Jun 13, 2017Last modified by RSA Link Admin on Sep 18, 2020
Version 15Show Document
  • View in full screen mode

You can provide online emergency access for a user whose RSA SecurID Token or RSA SecurID Authenticate app is temporarily unavailable by assigning a set of one-time tokencodes. Each one-time tokencode can be used once in place of the user's missing token. The set of tokencodes allows a user to authenticate multiple times without contacting an administrator each time.

RSA SecurID users must enter the one-time tokencode with the RSA SecurID PIN to perform two-factor authentication. Authenticate app users enter the one-time tokencode without a PIN. (A PIN might be required to view the tokencode on the mobile device, but this is not the RSA SecurID PIN.)

The user must be able to access the RSA Authentication Manager network when using a one-time tokencode.

Note:  One-time tokencodes can only be used to access resources protected by Authentication Manager. They cannot be used to access resources protected by the Cloud Authentication Service.

Before you begin 

Users must have already been an assigned a valid (not expired) RSA SecurID token before you send them sets of one-time tokencodes. This requirement also applies to users who will use a one-time tokencode in place of the Authenticate app.

Procedure 

  1. In the Security Console, click Authentication > SecurID Tokens > Manage Existing.

  2. Use the search fields to find the appropriate token.

  3. From the search results, click the token with which you want to work.

  4. From the context menu, click Emergency Access Tokencodes.

  5. On the Manage Emergency Access Tokencodes page, select the Online Emergency Access checkbox to enable authentication with an online emergency access tokencode.

  6. Select Set of One-Time Tokencodes.

  7. Enter the number of tokencodes that you want to generate.

  8. Click Generate Codes. The set of tokencodes displays below the Generate Codes button.

  9. Record the set of one-time tokencodes so you can communicate them to the user.

  10. Select one of the following options for the Emergency Access Tokencode Lifetime:

    • No expiration.

    • Set an expiration date for the tokencode.

  11. In the If Token Becomes Available field, configure how Authentication Manager handles lost or unavailable tokens that become available.

    • Deny authentication with the recovered token.

      If a token is permanently lost or stolen, deny authentication with the recovered token so that it cannot be used for authentication if recovered by an unauthorized individual. This is essential if the lost token does not require a PIN.

    • Allow authentication with the recovered token while simultaneously disabling the emergency access tokencode.

    • Allow authentication with the recovered token only after the emergency access tokencode has expired.

  12. Click Save.

Related Concepts

RSA SecurID Tokens

 

 

 

You are here
Table of Contents > Emergency Access > Assign a Set of One-Time Tokencodes

Attachments

    Outcomes