You can provide online or offline emergency access to resources protected by RSA Authentication Manager in the following situations.
|User Situation Requiring Emergency Access||Available Methods|
| || |
Temporary fixed tokencode
| || |
Offline emergency access tokencode
Offline emergency access passcode
Note: These emergency access methods cannot be used to access resources protected by the Cloud Authentication Service.
There are two types of online emergency access tokencodes. Each tokencode is an 8-character alphanumeric code generated by Authentication Manager. The user's device must be able to reach Authentication Manager on the network.
Users must have been assigned a valid, unexpired RSA SecurID Token before they receive an online emergency access tokencode. If a user's token has expired, first assign a new token and then provide temporary access.
|Temporary fixed tokencode|| |
For instructions, see Assign a Temporary Fixed Tokencode.
|One-time tokencode|| |
For instructions, see Assign a Set of One-Time Tokencodes.
Users can also use the Self-Service Console to request temporary access to Authentication Manager without the assistance of an administrator. For more information, see RSA Self-Service Overview.
Online Emergency Access Tokencode Format
When online emergency access is used because the user's RSA SecurID token is unavailable, the token policy of the associated security domain determines the format of the online emergency access tokencode. For example, if the security domain’s token policy allows special characters, the online emergency access tokencode can include special characters.
This token policy is not considered when the online emergency access method is used in place of the Authenticate app.
Offline emergency access is intended for when the user cannot access the Authentication Manager server on the network. You must provide the emergency offline authentication codes in advance, when the user has online connectivity. The system generates and downloads an offline passcode or tokencode to the user's Windows device before the user needs it. These codes cannot be sent to a user who is offline.
Note: These methods cannot be used in place of the Authenticate app.
|Offline emergency access tokencode|| |
|Offline emergency passcode|| |