Emergency Online Authentication

Document created by RSA Information Design and Development on Jun 13, 2017Last modified by RSA Information Design and Development on Jun 13, 2017
Version 2Show Document
  • View in full screen mode

Online authentication provides emergency access for users with missing or damaged tokens. Even with a missing token, users can continue to have two-factor authentication using an online emergency access tokencode, an 8-character alphanumeric code generated by Authentication Manager.

Note:  Emergency online authentication to RSA authentication agents is supported for Authentication Manager users who lose or misplace the device that has the RSA SecurID Authenticate app. Emergency online authentication is not supported for additional authentication on the Cloud Authentication Service.

The format of the online emergency access tokencode is determined by the token policy of the associated security domain. For example, if the security domain’s token policy allows special characters, the online emergency access tokencode can include special characters.

If a user has an expired token, assign a new token, and then provide temporary access. An online emergency access tokencode cannot be assigned to a user with an expired token. For instructions, see Provide an Offline Emergency Passcode.

The following table lists the types of online emergency access tokencodes. Both tokencode types replace the tokencode generated by the user’s token.

                   
Tokencode TypeDescription
Temporary fixed tokencode
  • Can be used more than once.
  • Must be combined with the user’s RSA SecurID PIN to create a passcode, unless the emergency access tokencode is for the RSA SecurID Authenticate app. In this situation, the user only enters the emergency access tokencode.
  • Is displayed on the Self-Service Console.
One-time tokencode
  • Issued in sets.
  • You can determine the number of tokencodes in a set.
  • Must be combined with the user’s RSA SecurID PIN to create a passcode, unless the emergency access tokencode is for the RSA SecurID Authenticate app. In this situation, the user only enters the emergency access tokencode.
  • Is displayed on the Self-Service Console.
  • Users can download the set of one-time tokencodes in a file.
  • Each tokencode in the set can only be used once.

Users can also use the Self-Service Console to request temporary access to Authentication Manager without the assistance of an administrator. For more information, see RSA Self-Service Overview.

 

 

 

 


Attachments

    Outcomes